Full Disclosure mailing list archives
Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
From: jf <jf () ownco net>
Date: Wed, 8 Sep 2010 21:32:30 -0500
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit with latest windows updates applied (as of Today -sept 09 2010).Could be a virus/trojan from my XP machine might have caused some form of immunity against this issue? And perhaps my extensive meddling and customization somehow modify the Windows 7 install beyond normal limits? I very much doubt this. I used both bitness demos for what it's worth.
I can confirm the demo worked as expected; first shot on an up-to-date auto-patched win7 box. That said, I did a quick search to see if I had a local copy of wab32res.dll (dunno what the dll in the subject line is about, the DLL in question is wab32res.dll), and I did not. I wrote a quick DLL with a simple MessageBoxA() into the Windows directory and tested it again and got a pop up informing me I am about to import an address book (versus their lolhacked popup). If I had to take a stab at it, judging by this comment:
One last thing, rather than just running a random POC I've actually looked into what's going on, via Process Monitor, and as far as it's concerned, it always loaded the correct (ie, the original) dlls.
my guess would be that one of you has a copy of the DLL in the DLL search path (which *doesnt* include . until the second to last stage by default), and one of you does not. ..De asini vmbra disceptare. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll), (continued)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Everhart, Glenn (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) jf (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Mitja Kolsek (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 09)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Stefan Kanthak (Sep 13)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Rohit Patnaik (Sep 13)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 13)