Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

jf <jf@xxxxxxxxx> wrote:

... my understanding of the issue was not the default library search
path, but rather that people are using SearchPath() or similar to locate
DLLs which they then pass to LoadLibrary() ...

And, people loading DLLs they do not need, for OS version detection.
(Maybe others?)

... I can't see anyone opening a URL with nmap itself ...

An "exploit scenario" for nmap: send a ZIP (or somesuch) archive to
the victim, containing a data file and a "hidden" DLL, with message:
Hey, these seem infected with conficker, check with nmap
and the victim using "nmap -iL datafile" from current dir.

Cheers, Paul

Paul Szabo psz@xxxxxxxxxxxxxxxxx
School of Mathematics and Statistics University of Sydney Australia

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -
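
A defender-side check for the scenario described in the message above, as an added example that is not part of the original post: it lists archive members that look like loadable libraries, and whether they carry the hidden attribute, before anything is extracted into a working directory. The extension list, the member name `example.dll` and the sample archive are constructed assumptions.

```python
import io
import zipfile

HIDDEN = 0x02  # MS-DOS "hidden" attribute bit (low byte of external_attr)
LIB_EXTS = (".dll", ".ocx", ".cpl", ".drv")  # assumed list, extend as needed


def suspicious_members(zip_bytes):
    """Return [(name, reasons)] for members that look like loadable libraries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            # A renamed library still starts with the DOS/PE "MZ" magic,
            # so check content as well as the file name.
            if info.filename.lower().endswith(LIB_EXTS):
                reasons.append("library extension")
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("PE/MZ header")
            if reasons and info.external_attr & HIDDEN:
                reasons.append("hidden attribute set")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed sample: a target list plus a hidden stub named like a DLL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("datafile", "192.0.2.10\n192.0.2.11\n")
        dll = zipfile.ZipInfo("example.dll")  # placeholder name, not from the post
        dll.create_system = 0                 # mark attributes as MS-DOS style
        dll.external_attr = HIDDEN
        zf.writestr(dll, b"MZ" + b"\x00" * 62)  # inert stub, not a real PE image
        zf.writestr("notes.txt", "scan these hosts\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```
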
