[WIN32] DLL loading vulnerability
Elliott Sales de Andrade
qulogic at pidgin.im
Tue Aug 31 22:26:51 EDT 2010
Hi,
This issue seems to be making all the news now.
http://www.h-online.com/security/news/item/Microsoft-warns-of-DLL-vulnerability-in-applications-1064584.html
Since it exploits the default current-directory-in-DLL-search-path, I
would assume the only possible problem is through the protocol
handlers as I'd think Pidgin would normally have a sane current
directory set otherwise.
But we've had issues with aspell.dll in the PATH before, and I noticed
Daniel made some changes to our LoadLibrary calls that might be
related, so I'm bringing it up now to see if there's any need to make
a release or something.
--
Elliott aka QuLogic
Pidgin developer
More information about the security
mailing list