[WIN32] DLL loading vulnerability
Elliott Sales de Andrade
qulogic at pidgin.im
Tue Aug 31 22:26:51 EDT 2010
This issue seems to be making all the news now.
Since it exploits the default current-directory-in-DLL-search-path, I
would assume the only possible problem is through the protocol
handlers as I'd think Pidgin would normally have a sane current
directory set otherwise.
But we've had issues with aspell.dll in the PATH before, and I noticed
Daniel made some changes to our LoadLibrary calls that might be
related, so I'm bringing it up now to see if there's any need to make
a release or something.
Elliott aka QuLogic
More information about the security