The vulnerability of a Windows DLL with the EXE misuse of a good influence

green apple (day 194) by TeeRish

Windows DLL, removal of a recently discovered vulnerability that I think is more important. Until now, you're looking for with higher priority can be found in the guide, Windows DLL eulrodeureul confirmed that the current working directory. Then the attacker to exploit vulnerabilities in the system you are using a DLL that has an unknown will. Secunia This vulnerability can be visited by the affected DLL, a Windows program that you want to see a list of users. , 123 applications, a total of 47 additional suppliers will be affected at the time of writing.

The problem is that changes to the executable file is a list of priority research. Acros, according to a blog post on security exe in Windows, the highest or second highest priority is loaded into the blog.

This is an example to the current working directory in the Windows directory or the directory path to be in an environment before looking for ways to start a new process.

The attacker, such as executable files in the working directory to place the name, for example, a malicious application Explorer.exe Guy executed by the user of the system was launched by the former can exploit.

What does this mean? This solution is available to protect against this vulnerability to hijack the number of efforts to protect important not to take ineurobuteo EXE DLL ways.

In fact, the current directory, the second request (NULL, "calc.exe" CreateProcess to call something like … when you try to run the Windows calculator), malignant Calc. exe Hide the working directory is kept in place. And the remote is also the current working directory on remote network shares on the local network or the Internet If you are getting the point. And, contrary to run the distance and safety of users will not be issued a warning to use the ShellExecute function to open *. That is what we all know, security warnings ShellExecute such functions, the introduction of today's operating back-end, without man with multiple batch and server operations and can cause serious problems.

Acros and test open to the public that they have created. Line planting Binaryplanting.com exposure test binaries are available. The test for users who want to attack the exhibition is for planting totest binary.

At least you are not using WebDAV users the best way to solve the problem, it is off. Windows Keyboard Shortcuts in Windows 7 users – Type R in services.msc, the Windows service requires an open and press the Enter key. And they basically according to the manual should be able to find the WebClient. Double-entry and uncheck all the services do not click on your operating system.

The problem is still in its units, WebDAV does not exist after the liberation. The example of Apple's browser has been updated since the attacks (which can be used in Apple's Safari Web browser, a) the receipt of

In Apple's Safari for Windows after the process of implementation errors, an attacker to load and run on a local disk and remote Windows share, and EXE] malicious [there are stocks we can create the Internet.

A remote attacker on the network share to do with what a malicious Explorer.exe, factories and users with Safari, open the HTML file from a network location – which will require a minimum of social engineering. Then, the user (), for example, the menu: Window -> Downloads -> Right-click the file -> folder view the content of the folder containing the downloaded file to open the explorer. exe is the beginning of a legal rather than malicious.

Or an HTML file (if 10 or) "file: / / location", a malicious attempt to Safari in the release of product in the Windows Explorer Explorer.exe to start connecting. (Via)