[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
- To: Stefan Kanthak <stefan.kanthak@xxxxxxxx>
- Subject: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
- From: Dan Kaminsky <dan@xxxxxxxxxxx>
- Date: Tue, 14 Sep 2010 18:54:27 -0400
On Tue, Sep 14, 2010 at 6:07 PM, Stefan Kanthak <stefan.kanthak@xxxxxxxx> wrote:
> Dan Kaminsky wrote:
>
>> h0h0h0. There be history, Larry.
>>
>> Short version: Go see how many DLLs exist outside of c:\windows\system32.
>> Look, ye mighty, and despair when you realize all those apps would be broken
>> by CWD DLL blocking.
>
> No, that's the too much shortened version.
> The correct version but is: Go see how many DLLs exist outside of the DLL
> search path.
> CWD DLL blocking does NOT break all those apps!
> Apps which install their DLLs into their own application directory won't
> notice CWD blocking at all.
>
> And apps which break can be easily fixed:
>
> [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\application.exe]
> "Path"=...
>
> exists for more than 15 years now.
>
> Stefan
>
>
An automatic patch that breaks random apps will not be an automatic
patch -- and neither will the twenty patches after it.
Nobody cares that the breakage "can be fixed" with some fifteen year old key.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/