[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
- To: paul.szabo@xxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
- From: Christian Sciberras <uuf6429@xxxxxxxxx>
- Date: Thu, 9 Sep 2010 01:44:33 +0200
That is what others said, yet it installed automatically on mine.
The only interaction was that I allowed it to be downloaded and
installed....not really geeky at all...
I must say you'll have to take my word on it.
On Thu, Sep 9, 2010 at 1:36 AM, <paul.szabo@xxxxxxxxxxxxx> wrote:
> Christian Sciberras <uuf6429@xxxxxxxxx> wrote:
>
>>>> MS issued a patch quite some time ago.
>> http://support.microsoft.com/kb/2264107
>
> That is not a "patch", not installed by default: is only for
> uber-geeks who manually install it. Was issued a week ago, in
> response to this kerfuffle, not "quite some time ago".
>
> Which setting of CWDIllegalInDllSearch did you choose: was it
> 0xFFFFFFFF which may be "safe", but is known to break Outlook
> (and others), as noted in
>
> DLL hijacking vulnerabilities
> http://isc.sans.edu/diary.html?storyid=9445
>
> (geeks can add further tweaks to the registry to fix).
>
> Cheers, Paul
>
> Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics University of Sydney Australia
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/