[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer

To: "Ward Taylor" <rfdhomer@windyplains.com>, <bugtraq@securityfocus.com>
Subject: Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
From: "Nexus" <nexus@patrol.i-way.co.uk>
Date: Tue, 10 Feb 2004 16:40:17 -0000

----- Original Message -----
From: "Ward Taylor" <rfdhomer@windyplains.com>
To: <bugtraq@securityfocus.com>
Sent: Monday, February 09, 2004 7:31 PM
Subject: RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet
Explorer

> Hi:
> There is a win2k registry setting which allows the default .dll search
order
> to be changed.

Out of curiosity, does that override the 0 byte .exe.local file trick to
force the application to search the local directory for the .dll first ?
http://www.jsiinc.com/subf/tip2600/rh2606.htm

Cheers.

References:
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
  - From: "Ward Taylor" <rfdhomer@windyplains.com>

Prev by Date: Re: Decompression Bombs
Next by Date: RE: Samba 3.x + kernel 2.6.x local root vulnerability
Previous by thread: Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
Next by thread: RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
Index(es):
- Date
- Thread