Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
- From: jf <jf@xxxxxxxxx>
- Date: Wed, 8 Sep 2010 17:05:16 -0500
... my understanding of the issue was not the default library search
path, but rather that people are using SearchPath() or similar to locate
DLLs which they then pass to LoadLibrary() ...
And, people loading DLLs they do not need, for OS version detection.
(Maybe others?)
I still don't see how this is really MSFT's fault. I mean, there are defined APIs for getting the version, there's a fairly clear warning on MSDN for LoadLibrary & SearchPath; isn't this akin to blaming the OS vendor for the app vendor improperly using strcpy?
An "exploit scenario" for nmap: send a ZIP (or somesuch) archive to
the victim, containing a data file and a "hidden" DLL, with message:
Hey, these seem infected with conficker, check with nmap
and the victim using "nmap -iL datafile" from current dir.
Yeah, good luck with that.
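The SearchPath()-then-LoadLibrary() pattern discussed in this message, next to a hardened form, as an added example that is not part of the original post and is not Nmap's code. The function names are hypothetical; the Windows-only part is guarded by `_WIN32`, and the path check above it is portable.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Returns 1 only if `path` names a file directly inside `dir`.
   Windows paths are case-insensitive; both separators are accepted. */
int path_is_directly_in(const char *dir, const char *path) {
    size_t n = strlen(dir);
    while (n > 0 && is_sep(dir[n - 1])) n--;      /* ignore trailing separators */
    if (n == 0 || strlen(path) <= n + 1) return 0;
    for (size_t i = 0; i < n; i++) {
        if (is_sep(dir[i]) && is_sep(path[i])) continue;
        if (tolower((unsigned char)dir[i]) != tolower((unsigned char)path[i])) return 0;
    }
    if (!is_sep(path[n])) return 0;               /* "System32evil" is not "System32" */
    for (const char *p = path + n + 1; *p; p++)
        if (is_sep(*p) || *p == ':') return 0;    /* no subdirectories, "..\" or streams */
    return 1;
}

#ifdef _WIN32
#include <windows.h>

/* The pattern described in the thread: resolve with SearchPath(), load the result.
   With a NULL path argument the search can match a DLL in the current directory. */
HMODULE load_via_searchpath(const char *dll) {
    char found[MAX_PATH];
    DWORD len = SearchPathA(NULL, dll, NULL, MAX_PATH, found, NULL);
    if (len == 0 || len >= MAX_PATH) return NULL;
    return LoadLibraryA(found);
}

/* Hardened form: build the fully qualified system path and load only that. */
HMODULE load_from_system_dir(const char *dll) {
    char sys[MAX_PATH], full[MAX_PATH];
    UINT n = GetSystemDirectoryA(sys, MAX_PATH);
    if (n == 0 || n >= MAX_PATH) return NULL;
    int w = snprintf(full, sizeof full, "%s\\%s", sys, dll);
    if (w < 0 || (size_t)w >= sizeof full) return NULL;
    if (!path_is_directly_in(sys, full)) return NULL;  /* dll contained a separator */
    return LoadLibraryA(full);
}
#endif
```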