CVE-2022-33037: Vuln/Orwell-Dev-Cpp-CreateProcessA-Misuse-Binary-Hijack.md at main · ycdxsb/Vuln

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.


Orwell-Dev-Cpp CreateProcessW Misuse Binary Hijack

Basic Info

Software name: Orwell Dev-Cpp

Download: https://sourceforge.net/projects/orwelldevcpp/

Vuln Version: v5.11 and before

Description: When a user runs Dev-Cpp on Windows, it first tries to run C:\Program.exe; if C:\Program.exe does not exist, it then runs C:\Program Files (x86)\MingGW64\bin\gcc.exe. An attacker can therefore put C:\Program.exe in C:, and it will execute arbitrary code when other users run Dev-Cpp.

Analyse

When we start devcpp.exe on Windows, we can see that it tries to start the process C:\Program Files (x86)\MingGW64\bin\gcc.exe with CreateProcessA.

This vulnerability occurs because the developer misuses the CreateProcessA API in AcGeneral.dll.

So an attacker who has write permission on C:\ can place a binary named C:\Program.exe, and it will be executed when Embarcadero Dev-Cpp is started.
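The lookup order behind this behaviour, as an added example (not code from the original write-up or from Dev-Cpp): a portable C model of how the CreateProcess documentation describes resolving an unquoted command line, next to the quoted form that yields a single candidate. It assumes the application name argument is NULL; the function names are hypothetical and the model does not call the Windows API.

```c
#include <stdio.h>
#include <string.h>

#define MAXP 260

/* Store one candidate; ".exe" is appended when the last path component
   has no extension, as the CreateProcess documentation describes. */
static void add_candidate(const char *s, size_t n, char out[][MAXP], int *count, int max_out) {
    if (*count >= max_out || n + 5 > MAXP) return;
    char *dst = out[*count];
    memcpy(dst, s, n);
    dst[n] = '\0';
    const char *leaf = strrchr(dst, '\\');
    leaf = leaf ? leaf + 1 : dst;
    if (!strchr(leaf, '.')) strcat(dst, ".exe");
    (*count)++;
}

/* Model (assumption: application name is NULL): an unquoted command line is
   tried at every space boundary, left to right; a quoted one names one module. */
int candidate_paths(const char *cmdline, char out[][MAXP], int max_out) {
    int count = 0;
    if (cmdline[0] == '"') {
        const char *end = strchr(cmdline + 1, '"');
        size_t n = end ? (size_t)(end - cmdline - 1) : strlen(cmdline + 1);
        add_candidate(cmdline + 1, n, out, &count, max_out);
        return count;
    }
    size_t len = strlen(cmdline);
    for (size_t i = 1; i <= len; i++) {
        if (cmdline[i] == ' ' || cmdline[i] == '\0')
            add_candidate(cmdline, i, out, &count, max_out);
    }
    return count;
}

int main(void) {
    char out[8][MAXP];
    /* Path as given in the write-up, first unquoted, then quoted. */
    const char *unquoted = "C:\\Program Files (x86)\\MingGW64\\bin\\gcc.exe";
    const char *quoted = "\"C:\\Program Files (x86)\\MingGW64\\bin\\gcc.exe\"";
    int n = candidate_paths(unquoted, out, 8);
    for (int i = 0; i < n; i++) printf("unquoted try %d: %s\n", i + 1, out[i]);
    n = candidate_paths(quoted, out, 8);
    for (int i = 0; i < n; i++) printf("quoted   try %d: %s\n", i + 1, out[i]);
    return 0;
}
```

Any command line for which the model returns more than one candidate should be quoted, or the executable passed as the explicit application name, so that no earlier path on the list can be resolved first.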

Proof of Concept

PoC Video
