BugReport.ir - Adobe LiveCycle ES DLL Hijacking Exploit (.dll)

##########################www.BugReport.ir########################################
#
#        AmnPardaz Security Research Team
#
# Title:		Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
# Vendor:		http://www.adobe.com/products/livecycle/
# Vulnerable Version:	8.2.1.3144.1.471865
# Exploitation:		Remote Code Execution
###################################################################################

####################
- Description:
####################

Adobe® LiveCycle® Enterprise Suite (ES) software can help you extend the value of existing back-end systems by enabling developers to build and deploy applications quickly and easily, and by empowering business users to manage application environments based on their specific needs.
With Adobe LiveCycle ES, you can make it easier for people to interact with information through intuitive user experiences, improve efficiencies through business process automation, and enhance customer service through personalized communications management.


####################
- Vulnerability:
####################

+--> DLL Hijacking
	Compile the exploit and rename to .dll, create a file in the same dir with *.tds extension.
	(Vulnerability is discovered by DLLHijackAuditKit v2)
	
####################
- Exploits/PoCs:
####################

http://www.bugreport.ir/74/exploit.htm
	
####################
- Solution:
####################

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com