[WIN32] DLL loading vulnerability

Elliott Sales de Andrade qulogic at pidgin.im
Tue Aug 31 22:26:51 EDT 2010


This issue seems to be making all the news now.

Since it exploits the default current-directory-in-DLL-search-path, I
would assume the only possible problem is through the protocol
handlers as I'd think Pidgin would normally have a sane current
directory set otherwise.

But we've had issues with aspell.dll in the PATH before, and I noticed
Daniel made some changes to our LoadLibrary calls that might be
related, so I'm bringing it up now to see if there's any need to make
a release or something.

Elliott aka QuLogic
Pidgin developer
