Vulnerability in loading DLL is in Microsoft Office - PoC
A recent topic described a vulnerability in the DLL loading mechanism. The problem is that the library can be loaded from the current directory (and the current directory can be any directory where the document is, for example, “My Documents”). This allows the victim to send an archive with the document and DLL. The user will open the document, and the application, in addition to the whole, will load and execute the DLL.
In the comments to the topic, many unsubscribed that they could not achieve the desired effect. For all those who failed to post, I’m posting a ready-made ZIP archive with two files so that everyone can verify for themselves. The DLL starts the calculator. I work on fully patched Windows XP SP3 and Microsoft Office 2007.