[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Breaking The SetDllDirectory Protection Against Binary Planting

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <cert@xxxxxxxx>, <si-cert@xxxxxxxx>
Subject: [Full-disclosure] Breaking The SetDllDirectory Protection Against Binary Planting
From: "ACROS Security Lists" <lists@xxxxxxxx>
Date: Wed, 27 Oct 2010 16:25:52 +0200

An old unfixed Windows functional bug was just upgraded to a security bug. Our
researchers have discovered that Windows' inability to consistently expand
environment variables in user and system PATH breaks the binary planting 
protection
provided by the SetDllDirectory function. The article describes how already 
fixed
iTunes and Safari - both using SetDllDirectory - can again be successfully
binary-planted due to this bug. This time it's not Apple's fault.

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html

Pleasant reading,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Call for Associate Editors and reviewers: Advances in Network and Communications
Next by Date: [Full-disclosure] Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability
Previous by thread: [Full-disclosure] Call for Associate Editors and reviewers: Advances in Network and Communications
Next by thread: [Full-disclosure] Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability
Index(es):
- Date
- Thread