Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: John Wiltshire <jw () QITS NET AU>
Date: Wed, 20 Sep 2000 09:54:09 +1000

The problem isn't that windows automatically looks in the same path as the
executable for libraries (which is what you are saying), but that windows
first searches the current directory ('.') for libraries to load.  Removing
the '.' from the path would solve this problem - there would be no reason
not to still search the same directory as the executable which would allow
alternate versions of DLLs to be loaded for different applications.

John Wiltshire


-----Original Message-----
From: John Lange [mailto:lists () DARKCORE NET]
Sent: Wednesday, 20 September 2000 5:54 am
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Double clicking on MS Office documents from Windows
Explorer may execute arbitrary programs in some cases


Changing the search path for DLLs would break a good portion of windows
apps, especially legacy apps.

In my previous life as a windows programmer, often the trick
to get some
older apps working was to find the older version of some DLL
that it was
looking for and put it in the same directory as the
application so it would
load those ones instead of whatever twisted version now exists in the
windows/system directory.

Thus I think we will be forced to live with this security hole
though the OS
should be patched so that it never loads DLLs across network
devices or at
least obeys the security settings of the machine.

Funny that I've known this for a very long time but never thought about
using it to load trojan DLLs.

John Lange


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault