Full Disclosure mailing list archives

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)

From: paul.szabo () sydney edu au
Date: Thu, 9 Sep 2010 07:13:57 +1000

Christian Sciberras <uuf6429 () gmail com> wrote:

... the approach to fixing it is not practical ...
... it is [the fault of] the underlying dll loading mechanism.


Do you mean that the practical solution would be for MS to set
sensible defaults? It took them many years for SafeDllSearchMode,
expect just as many for CWDIllegalInDllSearch.

In the meantime, let us get all apps fixed. Or install Ubuntu.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 06)
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Dan Kaminsky (Sep 06)
  - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Dan Kaminsky (Sep 06)
  - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 06)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Jacky Jack (Sep 07)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Everhart, Glenn (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) paul . szabo (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) YGN Ethical Hacker Group (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 08)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) jf (Sep 09)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Mitja Kolsek (Sep 09)
    - Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) Christian Sciberras (Sep 09)

(Thread continues...)