-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================================
==========================================================================
 Ultr@VNC Viewer 1.0.8.2 (vncviewer.exe) dll hijacking reloaded
 
 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.altervista.org/

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Tested on:
 Windows 7 professional full patched
==========================================================================
==========================================================================
 DESCRIPTION: 
 I think this is just a logic flaw, infact this program is still
 vulnerable to dll hijacking simply creating, in the same folder of
 one of below listed files, these folders:

 "%commonprogramfiles%\microsoft shared\windows live"

 and then put into "windows live" folder our dll.

 E.g.
 
  C:\>dir /S test

  Volume in drive C has no label.
  Volume Serial Number is XXXX-YYYY

  Directory of C:\test

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          %commonprogramfiles%
 07/10/2010  13:22                 8 test.xspf
                1 File(s)              8 bytes

  Directory of C:\test\%commonprogramfiles%

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          microsoft shared
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          windows live
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared\windows live

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  09:36            14,336 vnclang.dll
               1 File(s)         14,336 bytes
==========================================================================
==========================================================================
 INFO:
Prg.:	vncviewer.exe
Ver.:	1.0.8.2
Ext.:	vnc

dll:	vnclang.dll
==========================================================================
==========================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)

iQIcBAEBAgAGBQJMtvlvAAoJELleC2c7YdP1O3cQAJd3+FfCv570jk+/zbsodajL
8WArneG1znAkDfIWz0emM+1pW+FCJkb/AdpM7m1AIiFfYgwVZ2kFo6R0JgbUE7CM
YHy9dTSFwCDbL30EkOoYhvnIHbW0eG5/moOPjpFdpR91ovKZ7gGq9IGXA+x+Q+XO
bmAIRJYMwVGr+8d1n0WRCFXuulujKUsiMIm8RgzoneaPsqdVhSTCFlynhYfd2ufI
Q8jebG/fQtmJXg0/FckoqzV3awi8kaAepOHXF6l96xj0pun3Z0OmGcixJI0o3SCs
Scva5ZttQHvI+XVk7yzxyykd1hb/Z0uVGek7oSfz5HVhBnKPyWv9U7cK46uXuEvZ
k99/ADhCTnbdO9nzL/ife0vM+sOY2rd3IWOqkhhUMTCG+2OPq6j710pDBmS5PJ+Z
vCrnTPJ3VG6K7MJCPTPkD5XAZmBUH/Kf7PIwSf1OmlXsBQMFa/0dgHqwjcl9uAfT
OZ6kupLgwJ1AbZnb5q2RsMsP1DCaXnMj9L/4w3JENxWRq1M/8L/U+0w7Dd8H5Wz/
dJVqTXX3jdJvUDcGxcBjewOArmQ4cjFqz96RssZgA6Aq/T2NOz3MEHDiF0tbSyOh
zMVqsOtrVxJebdvyVcAhjA+afmfVSRMtpzfOs4A6XKAUcbJLfuSjOP5YDASGe++R
w9T6U0+V55uvbeLEHq/h
=nHAA
-----END PGP SIGNATURE-----