Just found an exploit for avast 5.0.677:
http://inj3ct0r.com/exploits/14496
Devs,what is your opinion about the exploit? Can you confirm a workability of the exploit?And if so,was it fixed already?

No such dwmapi.dll file on my system, this seems to have been a converted text as it talks of placing this file in the avira folder ???

So I can’t see how this would be able to replace any avast file (if it existed and or was an avast file) if you haven’t disabled the avast self-defence module.

You should break the link, replace http with hXXp, so it isn’t live. Personally I wouldn’t have put the link there in a publicly available forum but direct the question to avast support. You don’t want anyone to get any ideas.

1.http://www.processlibrary.com/directory/files/dwmapi/
It is a vista dll but here the hacker ask you to compile it to dwmapi then work with this dwmapi not the real one.
2.I see the text

|| || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( .

Which is "بسم الله الرحمن الحيم"==In God name we start"not a technical translate" So the hacker is Arabic as i think He is wrong since the SP of avast wont allow you to put a file in the directory,but you"or the program"should inject the library before using the exploit. So a success program which will inject the library will lead to running calculator"in this code and another payload if a bad hacker use it",But what is the used vulerability is used i dont know?! ???

I guess the author kinda didn’t grasp the idea behind the dwmapi.dll problem (and other similar dll loading vulnerabilities). It includes loading (untrusted) DLLs from other (usually remote) folders - that is the real problem. If you have to copy the DLL directly into the application’s folder… it’s hardly a vulnerability. I mean, if you have rights to modify files in the installation folder, you can do many other things… you probably don’t have to use any vulnerabilities, but you can modify / remove the files directly.