The DLL hijacking vulnerability will become 24 years old and is still alive
Roughly speaking, the DLL hijacking vulnerability in Windows is that opening a document may execute arbitrary code if certain libraries are present in the current working directory. The current working directory might be a network share.
It was publicly disclosed on Mon, 18 Sep 2000 by us on the Bugtraq mailing list 1: and on our site 2:
Wikipedia writes 3: “”“ The vulnerability was discovered by Georgi Guninski in 2000. In August 2010 it gained worldwide publicity after ACROS Security rediscovered it again and many hundreds of programs were found vulnerable. ”“”
It is worth noting that the NIMDA worm 4: 5: was released on the DLL hijacking public birthday, suggesting that the worm authors were familiar with the vulnerability before its public release.