Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases

["Timothy J. Miller" <cerebus () SACKHEADS ORG>]

"John Lange" <lists () darkcore net> writes:

> Changing the search path for DLLs would break a good portion of windows
> apps, especially legacy apps.

Absolutely.

> In my previous life as a windows programmer, often the trick to get some
> older apps working was to find the older version of some DLL that it was
> looking for and put it in the same directory as the application so it would
> load those ones instead of whatever twisted version now exists in the
> windows/system directory.

Been there, done that.  Welcome to DLL Hell.

> Thus I think we will be forced to live with this security hole though the OS
> should be patched so that it never loads DLLs across network devices or at
> least obeys the security settings of the machine.

I'm not sure how this would protect anyone.  What about systems not
using shares?  If I can poison that .ZIP you just nicked, I've still
got you.  And there remain plenty of ways I can get an arbitrary file
into a *non-system* area of your disk.

Good policy on UNIX boxen is to *never* use '.' in PATH or
LD_LIBRARY_PATH.  This is exactly what Windows is doing.

> Funny that I've known this for a very long time but never thought about
> using it to load trojan DLLs.

I should have as well, but I never did.  Oh well.  Now the fun begins,
neh?