All Things Microsoft > Microsoft as a Company

Windows DLL load hijacking exploits go wild

(1/1)

reactosguy:
http://www.reuters.com/article/idUS2168761020100825?loomia_ow=t0:s0:a49:g43:r1:c0.126374:b36893430:z0

Microsoft says that it could not patch Windows because that would cripple applications, yet forty-one of Microsoft's own programs are vulnerable to DLL load hijacking.

Many Windows applications don't call DLLs using the full pathname, but instead use only the filename. However, hackers can exploit the applications by fooling the application into loading a malicious file with the same name as a required DLL.

Lead Head:
I've heard of attacks like this before. I remember reading about one that compromised an Explorer.exe DLL, making it nearly impossible to find (or even know) that there was an issue.

Navigation

[0] Message Index

Go to full version