[16831] in bugtraq
Re: Double clicking on MS Office documents from Windows Explorer
daemon@ATHENA.MIT.EDU (John Lange)
Tue Sep 19 19:40:05 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <NEBBJGMGPMHBNOKCDLALKEJACAAA.lists@darkcore.net>
Date: Tue, 19 Sep 2000 14:54:24 -0500
Reply-To: johnl@clearoption.com
From: John Lange <lists@DARKCORE.NET>
X-To: "Timothy J. Miller" <cerebus@SACKHEADS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <87bsxlbesc.fsf@zoot.kelly.aftd.af.mil>

Changing the search path for DLLs would break a good portion of Windows
apps, especially legacy apps.

In my previous life as a Windows programmer, often the trick to get some
older apps working was to find the older version of some DLL that it was
looking for and put it in the same directory as the application so it would
load those ones instead of whatever twisted version now exists in the
windows/system directory.

Thus I think we will be forced to live with this security hole, though the OS
should be patched so that it never loads DLLs across network devices or at
least obeys the security settings of the machine.

Funny that I've known this for a very long time but never thought about
using it to load trojan DLLs.

John Lange

-----Original Message-----
From: Timothy J. Miller
Sent: Monday, September 18, 2000 3:56 PM

I suggest that this problem, and subsequent problems of this nature,
can be fixed simply by *not* looking in the current directory for
required DLLs.

-- Cerebus
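
The two directories this thread turns on, the application's own directory and the current directory of the opened document, can be compared in a small audit model. This is an added example, not part of either message: the search order is a simplified form of the legacy Windows order (an assumption, the thread does not spell it out), and all file and directory names are constructed.

```python
import os
import tempfile
# Simplified legacy LoadLibrary search order (16-bit system dir and PATH omitted).
LEGACY_ORDER = ["app_dir", "current_dir", "system_dir", "windows_dir"]
# The change proposed in the thread: the same order without the current directory.
NO_CWD_ORDER = [role for role in LEGACY_ORDER if role != "current_dir"]

def resolve(dll, dirs, order):
    """Return the role of the first directory in `order` that holds `dll`, else None."""
    wanted = dll.lower()  # Windows file names compare case-insensitively
    for role in order:
        path = dirs.get(role)
        if path and os.path.isdir(path):
            if any(name.lower() == wanted for name in os.listdir(path)):
                return role
    return None

def audit(dlls, dirs):
    """For each DLL, report where it resolves under both search orders."""
    report = {}
    for dll in dlls:
        legacy = resolve(dll, dirs, LEGACY_ORDER)
        no_cwd = resolve(dll, dirs, NO_CWD_ORDER)
        report[dll] = {"legacy": legacy, "no_cwd": no_cwd,
                       "shadowed_by_cwd": legacy == "current_dir"}
    return report

def build_sample(root):
    """Create a constructed directory layout; every file name is hypothetical."""
    layout = {
        "app_dir": ["oldctl.dll"],                    # older DLL kept beside the app
        "current_dir": ["helper.dll", "report.doc"],  # folder of the opened document
        "system_dir": ["helper.dll", "oldctl.dll"],
        "windows_dir": [],
    }
    dirs = {}
    for role, files in layout.items():
        dirs[role] = os.path.join(root, role)
        os.makedirs(dirs[role])
        for name in files:
            open(os.path.join(dirs[role], name), "w").close()
    return dirs

def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit(["helper.dll", "oldctl.dll", "absent.dll"], build_sample(root))

if __name__ == "__main__":
    print(demo())
```

In this model a DLL kept beside the application resolves from the application directory under both orders, while a DLL sitting next to the document is picked up only when the current directory is searched.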