This is the mail archive of the
cygwin-developers
mailing list for the Cygwin project.
Re: DLL hijacking problem
- From: Andy Koppe <andy dot koppe at gmail dot com>
- To: cygwin-developers at cygwin dot com
- Date: Fri, 27 Aug 2010 14:46:25 +0100
- Subject: Re: DLL hijacking problem
- References: <20100827131614.GT6726@calimero.vinschen.de>
On 27 August 2010 14:16, Corinna Vinschen wrote:
> This DLL hijacking problem goes from simmering to boiling pretty fast
> right now:
> http://www.microsoft.com/technet/security/advisory/2269637.mspx
> The exploit DB fills rapidly in the last couple of days:
> http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=DLL+Hijacking&filter_author=&filter_platform=0&filter_type=0&filter_port=&filter_osvdb=&filter_cve=
>
> Given
> http://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx
Oh my. Funnily enough, MSDN's "Using Run-Time Dynamic Linking"
example, which is linked to from the LoadLibrary and GetProcAddress
pages, still invokes LoadLibrary with a relative path.
Andy