Comments on: DLL-load Hijacking Vulnerability and MS09-014/MS09-015 http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/ a non-profit information security web site authored by Moshe Ben Abu (Trancer), focusing on vulnerability research, exploit development (mainly for the Metasploit Framework), web application security, information security and hacking news from around the world. Thu, 29 Apr 2010 13:25:27 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Trancer http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-968 Trancer Tue, 26 May 2009 22:42:47 +0000 http://www.rec-sec.com/?p=416#comment-968 wow, thanks! wow, thanks!

]]> By: Richard http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-966 Richard Tue, 26 May 2009 15:19:39 +0000 http://www.rec-sec.com/?p=416#comment-966 Everytime i come back here I'm reminded why I added your site to my favourites:) Everytime i come back here I’m reminded why I added your site to my favourites:)

]]> By: Trancer http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-959 Trancer Mon, 18 May 2009 17:00:34 +0000 http://www.rec-sec.com/?p=416#comment-959 Windows 2000 not vulnerable. Windows XP, 2003, Vista and 2008 (core installation too) are vulnerable.. Both 32-bit and 64-bit versions of each one. Regarding Windows 7.. I really don't know.. Haven't test it. See: http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx#E5C Windows 2000 not vulnerable.
Windows XP, 2003, Vista and 2008 (core installation too) are vulnerable.. Both 32-bit and 64-bit versions of each one.
Regarding Windows 7.. I really don’t know.. Haven’t test it.

See: http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx#E5C

]]> By: yuv http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-958 yuv Mon, 18 May 2009 07:44:29 +0000 http://www.rec-sec.com/?p=416#comment-958 What Windows versions are vulnerable for this kind of attack ? What Windows versions are vulnerable for this kind of attack ?

]]> By: Trancer http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-954 Trancer Thu, 14 May 2009 01:23:35 +0000 http://www.rec-sec.com/?p=416#comment-954 Once triggering the DLL-load hijacking vulnerability on an application, the hijacked DLL will run in this application privilege. And by that allowing privilege escalation. Once triggering the DLL-load hijacking vulnerability on an application, the hijacked DLL will run in this application privilege. And by that allowing privilege escalation.

]]> By: Qube http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-953 Qube Thu, 14 May 2009 00:23:49 +0000 http://www.rec-sec.com/?p=416#comment-953 great post :D but this makes me wonder, why did Microsoft issued MS09-015 as a elevation of privilege vulnerability? "Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)" great post :D

but this makes me wonder, why did Microsoft issued MS09-015 as a elevation of privilege vulnerability?

“Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)”

]]> By: Trancer http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-952 Trancer Wed, 13 May 2009 23:49:54 +0000 http://www.rec-sec.com/?p=416#comment-952 @anon - not necessarily. I've mentioned it in the post, like you, at first Microsoft also gave that argument - to place a file on the user's desktop, it have to be owned. But, using the Safari Carpet Bomb vulnerability or other methods as I suggested in the post ending, it is possible to place DLL files on user's boxes without owning them. @anon – not necessarily.
I’ve mentioned it in the post, like you, at first Microsoft also gave that argument – to place a file on the user’s desktop, it have to be owned.
But, using the Safari Carpet Bomb vulnerability or other methods as I suggested in the post ending, it is possible to place DLL files on user’s boxes without owning them.

]]> By: anon http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-951 anon Wed, 13 May 2009 23:37:00 +0000 http://www.rec-sec.com/?p=416#comment-951 if an attacker can "place" a file on the users desktop, doesn't he already own the box? enlighten me if an attacker can “place” a file on the users desktop, doesn’t he already own the box?

enlighten me

]]> By: NadavN http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-950 NadavN Wed, 13 May 2009 20:52:01 +0000 http://www.rec-sec.com/?p=416#comment-950 Interesting. I liked the demonstrations. It appears Microsoft just infinitely chasing its own tail. Interesting.

I liked the demonstrations. It appears Microsoft just infinitely chasing its own tail.

]]> By: Trancer http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-949 Trancer Wed, 13 May 2009 10:40:00 +0000 http://www.rec-sec.com/?p=416#comment-949 It's not new that Microsoft isn't honest regarding their security patches and bulletins. Each Microsoft patch is chance to fix some undisclosed vulnerabilities, in addition to the vulnerabilities stated in the security bulletin. This is widely known as "silent fixes". It’s not new that Microsoft isn’t honest regarding their security patches and bulletins.
Each Microsoft patch is chance to fix some undisclosed vulnerabilities, in addition to the vulnerabilities stated in the security bulletin. This is widely known as “silent fixes”.

]]> By: John http://www.rec-sec.com/2009/05/12/dll-hijacking-vulnerability/comment-page-1/#comment-948 John Tue, 12 May 2009 19:18:36 +0000 http://www.rec-sec.com/?p=416#comment-948 Great post! you've got some serious accusations here, but since you have your findings to support them, I believe that this post deserves a massive exposure. Great post!
you’ve got some serious accusations here, but since you have your findings to support them, I believe that this post deserves a massive exposure.

]]>