Mon Aug 23 12:49:11 EEST 2021

DLL hijacking: 21 years old and still alive

Trustworthy defense in depth: DLL hijacking

Wikipedia on DLL hijacking

Due to a vulnerability commonly known as DLL hijacking, DLL spoofing, DLL preloading or binary planting, many programs will load and execute a malicious DLL contained in the same folder as a data file opened by these programs.[11][12][13][14] The vulnerability was discovered by Georgi Guninski in 2000.[15] In August 2010 it gained worldwide publicity after ACROS Security rediscovered it again and many hundreds of programs were found vulnerable.[16] Programs that are run from unsafe locations, i.e. user-writable folders like the Downloads or the Temp directory, are almost always susceptible to this vulnerability.
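An added example (not from the original post or from Wikipedia): a small model of the documented Windows DLL search order for a bare DLL name, showing why a DLL placed next to a data file, or next to a program run from Downloads, is the one that gets loaded. All paths, file names and helper functions are constructed for illustration; KnownDLLs and manifest redirection are not modelled.

```python
# Added example: models the documented Windows DLL search order for a bare
# DLL name and reports loads that resolve from a user-writable directory.
# All paths and file names below are constructed sample data.
from ntpath import normcase

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def search_order(app_dir, cwd, path_dirs, safe_dll_search_mode=True):
    """Return the directories searched for a bare DLL name, in order."""
    if safe_dll_search_mode:      # default since Windows XP SP2
        return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]
    # Legacy order: the current directory is searched second.
    return [app_dir, cwd, *SYSTEM_DIRS, *path_dirs]

def resolve(dll, order, filesystem):
    """First directory in `order` that contains `dll` (case-insensitive)."""
    for d in order:
        names = {n.lower() for n in filesystem.get(normcase(d), ())}
        if dll.lower() in names:
            return d
    return None

def audit(imports, app_dir, cwd, path_dirs, filesystem, writable, safe=True):
    """List (dll, directory) pairs that would load from a user-writable dir."""
    order = search_order(app_dir, cwd, path_dirs, safe)
    writable = {normcase(w) for w in writable}
    findings = []
    for dll in imports:
        hit = resolve(dll, order, filesystem)
        if hit is not None and normcase(hit) in writable:
            findings.append((dll, hit))
    return findings

# Constructed filesystem: directory -> files present.
DOWNLOADS = r"C:\Users\alice\Downloads"
VIEWER = r"C:\Program Files\Viewer"
FS = {normcase(k): v for k, v in {
    VIEWER: {"viewer.exe"},
    r"C:\Windows\System32": {"kernel32.dll", "version.dll"},
    DOWNLOADS: {"report.doc", "version.dll", "helper.dll", "setup.exe"},
}.items()}
IMPORTS = ["kernel32.dll", "version.dll", "helper.dll"]

if __name__ == "__main__":
    # Case 1: installed program opens a data file from Downloads (cwd = Downloads).
    print(audit(IMPORTS, VIEWER, DOWNLOADS, [], FS, [DOWNLOADS]))
    # Case 2: the program itself is run from Downloads (app_dir = Downloads).
    print(audit(IMPORTS, DOWNLOADS, DOWNLOADS, [], FS, [DOWNLOADS]))
```

In case 1 only the DLL that is missing from the system directories resolves from Downloads; in case 2, or with the legacy search order, the copy of `version.dll` in Downloads also wins over the one in System32.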

Our original advisory is from Mon, 18 Sep 2000

The DLL hijacking vulnerability is CVE-2000-0854.

It has been known since 2000-09-19 that third-party programs are vulnerable too, e.g. Bugtraq: Exploit using Eudora and the Guninski hole

The Nimda worm was released on the same day and used the vulnerabilities in the advisory.

Searching the web returns many results since 2020 and a site Latest DLL Hijack news.

In other news from 2020: Almost 300 Windows 10 executables vulnerable to DLL hijacking

It appears to us that the vulnerability is so hard to fix that it will live forever.

Posted by LD_PRELOAD