Breaking The SetDllDirectory Protection Against Binary Planting

An old unfixed Windows functional bug was just upgraded to a security bug. Our researchers have discovered that Windows' inability to consistently expand environment variables in user and system PATH breaks the binary planting protection provided by the SetDllDirectory function. The article...

Microsoft Windows based applications may insecurely load dynamic libraries

Overview Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Description Dynamically Linked Libraries DLLs are executable...