DLL hijacking: How many products hits?

A known security issue (CVE-2016 - 0603) that affects many applications (from web browsers to antivirus products, and a host of others) can be exploited by "teasing" a .dll.broken chain

The technique is called DLL side-loading or hijacking and uses DLLs that have the same name as the original in specific locations on the target file system.

This type of attack is very old and allows for violation of legitimate applications by deceiving users. The technique was used too much by software crackers. Let's say, a crack for Adobe Photoshop that has been released for years now is amtlib.dll.olly DLL

This file is an application file. But crackers can only switch a single byte, and they can activate the program!

Imagine what could happen if a malicious user, instead of changing a byte to activate the program, added their own malicious code to .dll….

Here is a small (probably incomplete) list of applications found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple's iTunes.
The vulnerabilities in these softwares were discovered by German security researcher Stefan Kanthak.

Mr Kanthak also seems to have paid special attention to anti-virus software installers. Below are some of the security products that are vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, ScanNowUPnP Rapid7, Kaspersky and F-Secure.

All of the above (and perhaps many others) applications will have to release updates to protect their files from malicious users. Let's see how fast they will respond.

The only company that responded immediately was Oracle fixing the installers of the Java 6, 7, and 8 versions.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).