DLL hijacking: How many products does it hit?

A known security issue (CVE-2016-0603) that affects many applications (from web browsers to antivirus products, and a bunch of others) can be exploited by "tweaking" a .dll a bit.

The technique is called DLL side-loading or DLL hijacking, and it relies on DLLs that have the same name as the original being placed in specific locations on the target file system.

This type of attack is very old and allows hacking legitimate applications by tricking users. The technique was heavily used by software crackers. For example, a crack for Adobe, which has been around for years now, is amtlib.dll.

This file is one of the application's own files. Yet crackers only need to change a single byte in it to activate the program!

Imagine what could happen if a malicious user, instead of changing a byte to activate the program, added their own malicious code to the .dll…

Here is a small (probably incomplete) list of applications found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple's iTunes.
The vulnerabilities in these applications were discovered by German security researcher Stefan Kanthak.

Mr. Kanthak seems to have paid special attention to the installers of antivirus software. Below are some of the security products that are vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, ScanNowUPnP Rapid7, Kaspersky and F-Secure.

The vendors of all of the above applications (and perhaps many others) will have to release updates to protect their files from malicious users. Let's see how fast they respond.

The only company that responded immediately was Oracle, which fixed the installers for Java versions 6, 7, and 8.
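One way to check for the same-name DLLs this attack relies on, added here as an example and not taken from the original article or from Mr. Kanthak's research: it lists DLLs in the directory an installer is started from that share a name with a DLL in the system directory, since Windows looks in the program's own directory before the system directory when resolving a DLL by name. The function names, the directory layout and all file names and contents are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile

def _dlls(directory):
    """Map lower-cased DLL file name -> full path (Windows names are case-insensitive)."""
    return {e.name.lower(): e.path for e in os.scandir(directory)
            if e.is_file() and e.name.lower().endswith(".dll")}

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_shadowing_dlls(app_dir, system_dir):
    """Return [(name, same_content)] for DLLs in app_dir named like a DLL in system_dir."""
    app, system = _dlls(app_dir), _dlls(system_dir)
    return [(name, _sha256(app[name]) == _sha256(system[name]))
            for name in sorted(app.keys() & system.keys())]

def _write(directory, name, data):
    with open(os.path.join(directory, name), "wb") as fh:
        fh.write(data)

def demo():
    """Run the check over a constructed layout (all file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")  # stand-in for the real system directory
        run_dir = os.path.join(root, "Downloads")    # directory an installer is started from
        os.makedirs(system_dir)
        os.makedirs(run_dir)
        _write(system_dir, "sample_a.dll", b"system copy A")
        _write(system_dir, "sample_b.dll", b"system copy B")
        _write(run_dir, "setup.exe", b"installer")
        _write(run_dir, "unrelated.dll", b"ships with the app")
        _write(run_dir, "Sample_A.DLL", b"different bytes")  # same name, other content
        _write(run_dir, "sample_b.dll", b"system copy B")    # same name, identical copy
        return find_shadowing_dlls(run_dir, system_dir)

if __name__ == "__main__":
    for name, same in demo():
        print(f"{name}: {'identical to system copy' if same else 'DIFFERS from system copy'}")
```

A hit whose content differs from the system copy deserves review first; an identical copy is still worth noting, because the program will load it instead of the system's file.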

iGuRu.gr

Written by giorgos