Fwd: Insecure DLL Call in Windows
naxonez at gmail.com
Wed May 14 15:50:31 EDT 2014
---------- Forwarded message ----------
From: NaxoneZ . <naxonez at gmail.com>
Date: 2014-05-14 21:40 GMT+02:00
Subject: Re: Insecure DLL Call in Windows
To: Richard Laager <rlaager at pidgin.im>
Sorry, I forgot to tell you that this path doesn't exist on my system (really
Regards and sorry for spam.
2014-05-14 21:39 GMT+02:00 NaxoneZ . <naxonez at gmail.com>:
> The problem is that malware can approach this insecure call and plant a
> DLL using the limited rights of the user.
> Normally the calls to this DLL are in a "secure" folder like Windows or
> Program Files, because a limited user can't write in these directories.
> You can obtain other examples here:
> Regards and thanks :)
> 2014-05-14 21:13 GMT+02:00 Richard Laager <rlaager at pidgin.im>:
> On Wed, 2014-05-14 at 14:12 +0200, NaxoneZ . wrote:
>> > As you can see, if an attacker plants a DLL in these paths (I tested
>> > with %USERPROFILE%\.gtk-2.0\engine\libwimp.dll with this
>> > DLL:
>> I'm not sure how this is any different than the fact that Pidgin, like
>> many programs, loads plugin DLLs from the user's home directory
>> ("profile" in Windows speak). Any program which supports plugins allows
>> the user to execute code.
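The distinction the thread turns on, a DLL loaded from the user's profile versus one loaded from a folder a limited user cannot write to, can be checked over a list of module load paths. The following is an added example, not code from the thread or from Pidgin. The environment values, the user name and every sample path except `%USERPROFILE%\.gtk-2.0\engine\libwimp.dll` are constructed, and the check classifies by location only (it does not read ACLs).

```python
import ntpath
import re

# Constructed environment for the example; real values come from the audited host.
ENV = {
    "USERPROFILE": r"C:\Users\alice",
    "SYSTEMROOT": r"C:\Windows",
    "PROGRAMFILES": r"C:\Program Files",
    "PROGRAMFILES(X86)": r"C:\Program Files (x86)",
}
PROTECTED_VARS = ("SYSTEMROOT", "PROGRAMFILES", "PROGRAMFILES(X86)")

def expand(path, env=ENV):
    """Expand %VAR% references case-insensitively; unknown variables stay as-is."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)

def canon(path, env=ENV):
    """Expand variables, collapse '..' segments and fold case before comparing."""
    return ntpath.normcase(ntpath.normpath(expand(path, env)))

def is_under(path, root):
    """True if path is root or below it; a bare startswith() would match C:\\WindowsFake."""
    return path == root or path.startswith(root.rstrip("\\") + "\\")

def classify(path, env=ENV):
    """Label a load path by location: user-writable, protected, or unknown."""
    p = canon(path, env)
    if is_under(p, canon(env["USERPROFILE"], env)):
        return "user-writable"
    if any(is_under(p, canon(env[v], env)) for v in PROTECTED_VARS):
        return "protected"
    return "unknown"  # outside both sets: needs a manual ACL review

def audit(load_paths, env=ENV):
    """Return the DLL load paths that sit inside the user's profile."""
    return [p for p in load_paths if classify(p, env) == "user-writable"]

# Constructed sample of load paths; only the first one appears in the thread.
SAMPLE = [
    r"%USERPROFILE%\.gtk-2.0\engine\libwimp.dll",
    r"C:\Program Files\ExampleApp\libwimp.dll",
    r"C:\Program Files\..\Users\Alice\plugins\example.dll",
    r"C:\WindowsFake\System32\kernel32.dll",
    r"c:\windows\system32\kernel32.dll",
]

if __name__ == "__main__":
    print(*(f"{classify(p):14} {p}" for p in SAMPLE), sep="\n")
```
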