[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)

To: lists@xxxxxxxx, uuf6429@xxxxxxxxx
Subject: Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
From: paul.szabo@xxxxxxxxxxxxx
Date: Thu, 9 Sep 2010 07:13:57 +1000

Christian Sciberras <uuf6429@xxxxxxxxx> wrote:

> ... the approach to fixing it is not practical ...
> ... it is [the fault of] the underlying dll loading mechanism.

Do you mean that the practical solution would be for MS to set
sensible defaults? It took them many years for SafeDllSearchMode,
expect just as many for CWDIllegalInDllSearch.

In the meantime, let us get all apps fixed. Or install Ubuntu.

Cheers, Paul

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
  - From: Christian Sciberras

References:
- Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
  - From: Christian Sciberras

Prev by Date: Re: [Full-disclosure] [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities
Next by Date: Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
Previous by thread: Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
Next by thread: Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
Index(es):
- Date
- Thread