BugReport.ir - Microsoft Office Groove 2007 DLL Hijacking Exploit (grooveperfmon.dll)

##########################www.BugReport.ir########################################
#
#        AmnPardaz Security Research Team
#
# Title:		Microsoft Office Groove 2007 DLL Hijacking Exploit (grooveperfmon.dll)
# Vendor:		http://office.microsoft.com/
# Vulnerable Version:	2007
# Exploitation:		Remote Code Execution
###################################################################################

####################
- Description:
####################

Groove 2007 is a collaboration software program teams can use to share information and work together on project activities—from simple document collaboration to custom solutions integrated with business processes.
Teams using Groove 2007 work inside collaborative workspaces, which put all team members, tools, and information in one place. Groove workspaces keep teams up to date automatically and efficiently, and enable them to work anywhere, anytime, and with anyone—even people outside their organization—so they spend less time coordinating and more time working.


####################
- Vulnerability:
####################

+--> DLL Hijacking
	Compile the exploit and rename to grooveperfmon.dll, create a file in the same dir with *.glk extension.
	(Vulnerability is discovered by DLLHijackAuditKit v2)
	
####################
- Exploits/PoCs:
####################

http://www.bugreport.ir/76/exploit.htm
	
####################
- Solution:
####################

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com