Insecure DLL Call in Windows
Richard Laager
rlaager at pidgin.im
Wed May 14 15:13:37 EDT 2014
On Wed, 2014-05-14 at 14:12 +0200, NaxoneZ . wrote:
> How you can see if an attacker plant a dll in this paths (I tested
> with %USERPROFILE%\.gtk-2.0\engine\libwimp.dll with this
> DLL: http://www.binaryplanting.com/demo/windows_address_book/wab32res.dll
I'm not sure how this is any different than the fact that Pidgin, like
many programs, loads plugin DLLs from the user's home directory
("profile" in Windows speak). Any program which supports plugins allows
the user to execute code.
--
Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140514/487ebdda/attachment.sig>
More information about the security
mailing list