Nmap Development mailing list archives
Re: Zenmap GUI DLL Hijacking (zenmap.exe)
From: Fyodor <fyodor () insecure org>
Date: Sat, 18 Sep 2010 12:11:45 -0700
On Sat, Sep 18, 2010 at 05:51:41PM +0700, public mail wrote:
> Hi there. I found your Zenmap GUI is vulnerable to a DLL hijacking exploit. It can be exploited via intl.dll.
Hi NoGe. Thanks for the report, although we've already discussed the way Zenmap loads intl.dll on this list (see http://seclists.org/nmap-dev/2010/q3/index.html). We don't consider this a Zenmap vulnerability because users would have to try pretty hard to exploit themselves. But it is still worth noting the issue.

Microsoft has intentionally included the "current directory" in their DLL search path, so many applications behave this way if you manage to open them such that the "current directory" contains malicious DLLs. With Zenmap (and other software), I recommend opening the application first by clicking on its desktop icon or start menu entry. Then you can open scans from the "Scan -> Open Scan" menu item or Ctrl-O.

I do think that Microsoft's inclusion of the current directory in their DLL search path is a bad design decision. If we find an easy way to disable this behavior for Zenmap, I think we should do so. It is a bit complex since Nmap is a Python program which we convert into an executable using py2exe.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
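Added example (not Zenmap or Nmap code) illustrating the point of the reply above: a small model of the directory steps in Windows' default DLL search order, showing why a DLL that is neither shipped beside the executable nor present in the system directories gets picked up from the current directory, and the mitigation Fyodor mentions, applied via kernel32 SetDllDirectoryW("") (which removes the current directory from the search order). The model ignores KnownDLLs and already-loaded modules; all paths and file sets are constructed.

```python
import ctypes
import os
import sys


def windows_dll_search_order(app_dir, system_dirs, cwd, path_dirs, include_cwd=True):
    """Directories probed, in order, when a DLL is requested by bare name.

    With SafeDllSearchMode (the default) the current directory comes after the
    system directories; SetDllDirectory("") removes it from the list entirely.
    Simplification: KnownDLLs and already-loaded modules are not modelled.
    """
    order = [app_dir, *system_dirs]
    if include_cwd:
        order.append(cwd)
    order.extend(path_dirs)
    return order


def resolve_dll(dll_name, search_order, present_files):
    """Return the first path in search_order containing dll_name, else None.

    present_files is a constructed set of file paths standing in for the disk.
    """
    for directory in search_order:
        candidate = os.path.join(directory, dll_name)
        if candidate in present_files:
            return candidate
    return None


def remove_cwd_from_dll_search():
    """Mitigation to run at process start, before any late-bound DLL loads.

    On Windows, kernel32.SetDllDirectoryW("") drops the current directory from
    the default search order for this process. Returns True if the call was
    made and succeeded, False on non-Windows platforms (nothing to do).
    """
    if not sys.platform.startswith("win"):
        return False
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.SetDllDirectoryW.argtypes = [ctypes.c_wchar_p]
    kernel32.SetDllDirectoryW.restype = ctypes.c_int  # BOOL
    return bool(kernel32.SetDllDirectoryW(""))
```

Shipping intl.dll in the application directory has the same effect for that one DLL, since the application directory is searched first.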