[AD] [ alleg-Bugs-3109312 ] DLL hijacking



Bugs item #3109312, was opened at 2010-11-15 12:15
Message generated for change (Tracker Item Submitted) made by tjaden
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105665&aid=3109312&group_id=5665

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Windows
Group: 4.9
Status: Open
Resolution: None
Priority: 8
Private: No
Submitted By: Peter Wang (tjaden)
Assigned to: Nobody/Anonymous (nobody)
Summary: DLL hijacking

Initial Comment:
I believe Allegro is vulnerable to DLL hijacking due to calling LoadLibrary with unqualified file names. An attacker may ask the victim to open a file with an Allegro application that the victim has installed. Also in that directory is a malicious copy of a DLL that Allegro loads at runtime. This could be over a network share, and the malicious DLL may be hidden.

The solution would be to ensure that we only load DLLs from "trusted" locations: the system directories, or the directory containing the application executable or Allegro main DLL (if possible).

References:
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx

----------------------------------------------------------------------
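Added example, not part of the original report and not Allegro's own code: one way to apply the proposed fix, by rejecting any name that is not a bare file name and passing LoadLibrary only a fully qualified path under the system directory or the executable's directory. The helper names (`is_bare_dll_name`, `qualify_dll_path`, `load_trusted_dll`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Accept only a bare file name: no directory part, no drive prefix. */
int is_bare_dll_name(const char *name)
{
    return name && *name && strpbrk(name, "\\/:") == NULL;
}

/* Join a trusted directory and a bare name; returns 0 on success. */
int qualify_dll_path(const char *dir, const char *name, char *out, size_t outsz)
{
    size_t n;
    int w;
    if (!dir || !*dir || !out || !is_bare_dll_name(name))
        return -1;
    n = strlen(dir);
    w = snprintf(out, outsz, "%s%s%s", dir,
                 (dir[n - 1] == '\\' || dir[n - 1] == '/') ? "" : "\\", name);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;   /* reject truncation */
}

#ifdef _WIN32
/* Hypothetical helper: try the system directory, then the executable's
   directory, never the current working directory. */
HMODULE load_trusted_dll(const char *name)
{
    char dir[MAX_PATH], path[MAX_PATH], *slash;
    HMODULE h;
    DWORD m;
    UINT n = GetSystemDirectoryA(dir, sizeof dir);
    if (n > 0 && n < sizeof dir &&
        qualify_dll_path(dir, name, path, sizeof path) == 0 &&
        (h = LoadLibraryA(path)) != NULL)
        return h;
    m = GetModuleFileNameA(NULL, dir, sizeof dir);
    if (m == 0 || m >= sizeof dir || (slash = strrchr(dir, '\\')) == NULL)
        return NULL;
    *slash = '\0';                        /* strip the executable name */
    if (qualify_dll_path(dir, name, path, sizeof path) != 0)
        return NULL;
    return LoadLibraryA(path);
}
#endif
```

The loaded DLL's own dependencies are still resolved through the normal search order, so this covers only the names the application itself passes to LoadLibrary.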
