Full Disclosure mailing list archives

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)


From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 10 Sep 2010 02:55:12 +0800

> If, say, DWM.dll is exploitable, why not point *that* out rather than
> point out the many applications that are using it (wrongly)?


As I might have said in an earlier mail, I have to do this so that
vulnerability news sites such as Secunia, SecuriTeam authors can get
enough information for each application. Most of them do it
automatically.
They can't process vulnerability posts like "Multiple
Vulnerabilities". They have to extract each item.
If you take a look at OSVDB, they will put each item of vulnerability
that belongs to each item.

DLL Hijack posts are not to spam but to be served for that purpose.
You should filter it.


Everybody thinks that their ideas, actions, thoughts are right. And
everyone has his pride and ego.

You can never control someone's way of doing. You can just tell it,
watch it or ignore it. You can block all DLL Hijack posts if you 0wn
this list. Thanks for your patience.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

