CVE-2010-5239

DAEMON Tools Lite/Pro <4.35.6.0091-4.36.0309.0160 - Privilege Escal...


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5239. PoCs published by Mohamed Clay.

AI-analyzed exploit summary: This exploit demonstrates DLL hijacking by leveraging the mfc80loc.dll dependency in DAEMON Tools Lite. It triggers a MessageBox popup when the DLL is loaded, confirming successful exploitation.

Description

Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC
by Mohamed Clay · c · local · windows
https://www.exploit-db.com/exploits/14791

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: DAEMON Tools Lite (version not specified)
No auth needed
Prerequisites: Place mfc80loc.dll and a .mds file in the same directory · Execute the .mds file in DAEMON Tools Lite
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41146
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14791/

Scores

EPSS 0.0106
EPSS Percentile 59.9%

Details

Status published
Products (2)
daemon-tools/daemon_tools 4.35.6.0091
daemon-tools/daemon_tools 4.36.0309.0160
Published Sep 07, 2012
Tracked Since Feb 18, 2026