Re: [Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)

["Mitja Kolsek" <mitja.kolsek@xxxxxxxxxxxxxxxxx>]

Hi Chris, 

> Considering Acros highlighted how their POC was highly 
> unstable (they've frequently advised to try the program 
> several times to get it to work) I don't see such abnormal 
> behaviour out of this world.

Indeed, we're seeing problems with accessing (any) remote WebDAV shares from 
various
Windows computers, while it works just great on others. Based on network 
monitoring,
it doesn't seem to be the problem with the server though, but rather with 
occasionaly
unreliable support for WebDAV folders in Windows. We're looking for possible 
causes
and especially for workarounds that could improve the reliability.

We'll appreciate your feedback - tell us how it worked or didn't work for you. 
It's a
chance for us all to learn something new.

Bwt, you can simply turn our Internet-based test into an intranet or local test 
by
copying the files to your local share or a folder on your computer and 
double-click
the .wab file from there. The usual caution with runnning code from unknown 
sources
applies, of course.

> One last thing, rather than just running a random POC I've 
> actually looked into what's going on, via Process Monitor, 
> and as far as it's concerned, it always loaded the correct 
> (ie, the original) dlls.

Can you please send the Process Monitor log for this case? We'll be happy to 
look
into your case.

Cheers,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/