Title: Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit
Advisory ID: ZSL-2010-4955
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 26.08.2010

Summary

Google Earth lets you fly anywhere on Earth to view satellite imagery, maps, terrain, 3D buildings, from galaxies in outer space to the canyons of the ocean. You can explore rich geographical content, save your toured places, and share with others.

Description

Google Earth suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .kmz thru quserex.dll and wintab32.dll libraries.

Vendor

Google Inc. - http://www.google.com

Affected Version

5.1.3535.3218

Tested On

Microsoft Windows XP Professional SP3 (English)

Vendor Status

N/A

PoC

googlee_dll.c

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.exploit-db.com/exploits/14790
[2] http://www.packetstormsecurity.org/filedesc/googlee_dll.txt.html
[3] http://securityreason.com/exploitalert/8789
[4] http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[5] http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3134
[7] http://osvdb.org/show/osvdb/67539

Changelog

[26.08.2010] - Initial release
[27.08.2010] - Added reference [1], [2], [3], [4] and [5]
[13.11.2010] - Added reference [6] and [7]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk