Vigil@nce: Windows, code execution via "DLL preload"
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use a malicious DLL in order to execute code in the context of the targeted application.
Severity: 2/4
Creation date: 25/08/2010
DESCRIPTION OF THE VULNERABILITY
An application can be split into many libraries (Dynamic Link Library - DLL).
When an application uses a function in a DLL, the DLL is first loaded and then the function is called. If the path of the DLL is not complete (or not specified), Windows looks for the DLL in several places (current path, system directory, ...) and loads the first match, ending the search. No other check takes place. A malicious DLL with the same name and the same interface as the original can therefore be placed in one of those paths.
An attacker can therefore use a malicious DLL in order to execute code in the context of the targeted application.
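The first-match lookup described above can be modelled offline to audit which directory would supply each DLL that an application loads by bare name. This is an added example, not part of the Vigil@nce bulletin: the function names, the directory layout and the DLL names are constructed, and the search order is passed in as an input rather than taken from the bulletin.

```python
import os
import tempfile

def resolve_dll(name, search_dirs):
    """Return the first file matching name in search_dirs (first match wins)."""
    for d in search_dirs:
        try:
            entries = os.listdir(d)
        except OSError:
            continue  # missing or unreadable directories are skipped
        for entry in entries:
            path = os.path.join(d, entry)
            # Windows file names are case-insensitive, so compare lowercased
            if entry.lower() == name.lower() and os.path.isfile(path):
                return path
    return None

def audit(names, search_dirs, trusted_dirs):
    """List (name, status, path) for names not resolved from a trusted directory."""
    trusted = {os.path.abspath(d) for d in trusted_dirs}
    findings = []
    for name in names:
        hit = resolve_dll(name, search_dirs)
        if hit is None:
            # Found nowhere: the lookup walks every directory, trusted or not
            findings.append((name, "missing", None))
        elif os.path.abspath(os.path.dirname(hit)) not in trusted:
            findings.append((name, "untrusted", hit))
    return findings

def demo():
    """Constructed layout: one name exists in both the current and system dirs."""
    with tempfile.TemporaryDirectory() as root:
        app, cwd, system = (os.path.join(root, n) for n in ("app", "cwd", "system"))
        for d in (app, cwd, system):
            os.mkdir(d)
        for d, f in ((system, "example.dll"), (system, "helper.dll"), (cwd, "Example.DLL")):
            open(os.path.join(d, f), "wb").close()
        names = ["example.dll", "helper.dll", "absent.dll"]
        current_first = audit(names, [app, cwd, system], [app, system])
        system_first = audit(names, [app, system, cwd], [app, system])
        # Report directory base names only, since the temporary root is random
        strip = lambda fs: [(n, s, p and os.path.basename(os.path.dirname(p))) for n, s, p in fs]
        return strip(current_first), strip(system_first)

if __name__ == "__main__":
    print(demo())
```

A name reported as "missing" deserves the same attention as one reported as "untrusted", because the lookup for it walks every directory in the list before failing.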