mailing list archives
Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
From: paul.szabo () sydney edu au
Date: Thu, 9 Sep 2010 09:36:06 +1000
Christian Sciberras <uuf6429 () gmail com> wrote:
MS issued a patch quite some time ago.
That is not a "patch", not installed by default: is only for
uber-geeks who manually install it. Was issued a week ago, in
response to this kerfuffle, not "quite some time ago".
Which setting of CWDIllegalInDllSearch did you choose: was it
0xFFFFFFFF which may be "safe", but is known to break Outlook
(and others), as noted in
DLL hijacking vulnerabilities
(geeks can add further tweaks to the registry to fix).
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll), (continued)