A known security issue (CVE-2016 - 0603) that affects many applications (from web browsers to antivirus products, and a host of others) can be exploited by "teasing" a .dll.
The technique is called DLL side-loading or hijacking and uses DLLs that have the same name as the original in specific locations on the target file system.
This type of attack is very old and allows the violation of legitimate applications by deceiving users. The technique was used a lot by crackers software. Let's say, a crack for Adobe Photoshop, which has been around for years now is amtlib.dll.
This file is an application file. But crackers can only switch a single byte, and they can activate the program!
Imagine what could happen if a malicious user, instead of changing a byte to activate the program, added their own malicious code to .dll….
Here is a small (probably incomplete) list of applications found to be vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes.
The vulnerabilities in the above software were discovered by the German researcher security Stefan Kanthak.
Mr Kanthak also appears to have paid close attention to anti-virus software installers. Below are some of the security products that are vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, ScanNowUPnP Rapid7, Kaspersky and F-Secure.
All of the above (and perhaps many others) applications will have to release updates to protect their files from malicious users. Let's see how fast they will respond.
The only company that responded immediately was Oracle fixing the installers of the Java 6, 7, and 8 versions.
