Help & Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit
Title: Help & Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit
Advisory ID: ZSL-2011-5009
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 14.04.2011
[2] http://securityreason.com/exploitalert/10340
[3] http://secunia.com/advisories/44170/
[4] http://www.securityfocus.com/bid/47349
[5] http://osvdb.org/show/osvdb/71829
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-5155
[15.04.2011] - Added reference [2], [3] and [4]
[18.04.2011] - Added reference [5]
[07.09.2012] - Added reference [6]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2011-5009
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 14.04.2011
Summary
Help & Manual 5 is a single-source help authoring and content management system for both single and multi-author editing.Description
Help & Manual suffers from a DLL hijacking vulnerability that enables the attacker to execute arbitrary code on the affected machine. The vulnerable extensions are hmxz, hmxp, hmskin, hmx, hm3, hpj, hlp and chm thru ijl15.dll Intel's library.Vendor
EC Software GmbH - http://www.helpandmanual.comAffected Version
5.5.1 Build 1296Tested On
Microsoft Windows XP Professional SP3 (EN)Vendor Status
N/APoC
helpmanual_dll.cCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://packetstormsecurity.org/files/100426[2] http://securityreason.com/exploitalert/10340
[3] http://secunia.com/advisories/44170/
[4] http://www.securityfocus.com/bid/47349
[5] http://osvdb.org/show/osvdb/71829
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-5155
Changelog
[14.04.2011] - Initial release[15.04.2011] - Added reference [2], [3] and [4]
[18.04.2011] - Added reference [5]
[07.09.2012] - Added reference [6]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
