DLL hijacking problem

Christopher Faylor cgf-use-the-mailinglist-please@cygwin.com
Fri Aug 27 13:38:00 GMT 2010

On Fri, Aug 27, 2010 at 03:16:14PM +0200, Corinna Vinschen wrote:
>This DLL hijacking problem goes from simmering to boiling pretty fast
>right now:
>The exploit DB fills rapidly in the last couple of days:
>I propose to change all calls to
>  LoadLibrary ("any-Win32-system.dll")
>to (basically) 
>  GetSystemDirectory (path);
>  strcat (path, "\\any-Win32-system.dll");
>  LoadLibrary (path);
>Or does anybody think this is overreacting?

No, I was thinking the same thing after seeing the discussion of the
problem in Slashdot.


More information about the Cygwin-developers mailing list