Related information

Microsoft Windows multiple applications DLL hijacking

ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)W indows(r)

Foxit Reader Insecure Library Loading

PDFill Insecure Library Loading

Silently Pwning Protected-Mode IE9 and Innocent Windows Applications

From:	ACROS Security <lists_(at)_acros.si>
Date:	28.10.2010
Subject:	Breaking The SetDllDirectory Protection Against Binary Planting

An old unfixed Windows functional bug was just upgraded to a security bug. Our
researchers have discovered that Windows' inability to consistently expand
environment variables in user and system PATH breaks the binary planting protection
provided by the SetDllDirectory function. The article describes how already fixed
iTunes and Safari - both using SetDllDirectory - can again be successfully
binary-planted due to this bug. This time it's not Apple's fault.

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html

Pleasant reading,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do