diTii.com Digital News Hub

DLL Vulnerability (Binary Planting) Under Windows Goes “EXE”

It turns out that the DLL vulnerability (binary planting) under Windows was only the tip of the iceberg. ACROS explains: “Attackers first save an HTML file and a manipulated file called explorer.exe on a drive. When the victim opens the HTML file with Safari, nothing happens initially, but the file does contain a link to a URI that starts with ‘file://’, which causes Windows to try to start Windows Explorer. Unfortunately, Windows loads explorer.exe within the containing folder (the network share) and executes it.”

ACROS says “the CWDIllegalInDllSearch hotfix prevents code from being loaded from the current containing folder for DLLs, but doesn’t work for EXE files. The same also holds true for the SetDllDirectory function.” Because there’s no comparable function for EXE files, ACROS says it would only help if the app puts the containing folder at the end of the search path before additional processes are launched. At the moment, the only way to prevent remote attacks seems to be by disabling WebDAV clients (under Services).
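
The search-order point above, as an added sketch that is not from ACROS or the original article: it resolves a bare executable name against an ordered list of folders, with the containing folder first and then last, and lists binaries in an untrusted folder whose names collide with trusted ones. The folders and file names are constructed stand-ins, and the two-entry search list is a simplifying assumption, not the full Windows search order.

```python
import os
import tempfile

def resolve(name, search_dirs):
    """Return the first match for a bare file name in an ordered search list."""
    for d in search_dirs:
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def shadowed_names(untrusted_dir, trusted_dirs, exts=(".exe", ".dll")):
    """Binaries in untrusted_dir whose names collide, case-insensitively,
    with a file in a trusted directory: candidates for a planted binary."""
    trusted = set()
    for d in trusted_dirs:
        trusted.update(f.lower() for f in os.listdir(d))
    return sorted(f for f in os.listdir(untrusted_dir)
                  if f.lower().endswith(exts) and f.lower() in trusted)

def demo():
    # Constructed stand-ins, not real system paths: "share" is the folder that
    # holds the HTML file, "system" is where the genuine binary lives.
    root = tempfile.mkdtemp()
    share, system = os.path.join(root, "share"), os.path.join(root, "system")
    for d in (share, system):
        os.makedirs(d)
    for path in (os.path.join(share, "explorer.exe"),
                 os.path.join(share, "page.html"),
                 os.path.join(system, "explorer.exe")):
        open(path, "wb").close()
    return {
        "share": share,
        "system": system,
        # Containing folder searched first: the copy on the share wins.
        "folder_first": resolve("explorer.exe", [share, system]),
        # Containing folder moved to the end: the genuine copy wins.
        "folder_last": resolve("explorer.exe", [system, share]),
        # Audit view: which binaries on the share shadow trusted names.
        "shadowed": shadowed_names(share, [system]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
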
