Ben Bucksch
SafeDLLSearchMode does NOT protect
25 August 2010 23:58
The last paragraph is unfortunately wrong, which in this case is
dangerous.
What happens if for example the application tries to load a DLL that
exists only on newer versions of Windows? That (LoadLibrary() of such
DLLs) is a common way to make use of new features of the OS while
still being able to run on an older OS. In that case, the DLL will not
be found in the system directories, so even with SafeDLLSearchMode,
it will still be searched in, found in and loaded from the current
directory. In which case the bug triggers.
On any recent Windows version (XP SP2 and higher), it's active
anyway. On older Windows versions, the DLLs are very likely to be
missing. So, this is not a protection at all.
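
The case described in the post above, as an added example that is not part of the original posting: a small Python model of the documented Windows DLL search order with SafeDllSearchMode on and off. It is a model, not loader code; the directory labels, the DLL names (`common.dll`, `newfeature.dll`) and the `cwd_removed` switch (standing in for a call such as `SetDllDirectory("")`, which the post does not mention) are assumptions made for illustration.

```python
# Model of the Windows DLL search order (not real loader code).
# Directory labels and DLL names below are constructed sample data.

APP, SYS32, SYS16, WIN, CWD, PATH = "app", "system32", "system", "windows", "cwd", "path"

def search_order(safe_mode=True, cwd_removed=False):
    """Standard search order for LoadLibrary("name.dll") given without a path."""
    if safe_mode:   # SafeDllSearchMode on: CWD is moved behind the system dirs
        order = [APP, SYS32, SYS16, WIN, CWD, PATH]
    else:           # SafeDllSearchMode off: CWD is searched right after the app dir
        order = [APP, CWD, SYS32, SYS16, WIN, PATH]
    if cwd_removed: # assumption beyond the post: e.g. SetDllDirectory("")
        order.remove(CWD)
    return order

def resolve(dll, fs, **kw):
    """Return the first directory in the search order that contains dll."""
    name = dll.lower()
    for d in search_order(**kw):
        if name in fs.get(d, set()):
            return d
    return None  # load fails; the application falls back to its old code path

def make_fs(system_has_newfeature):
    """Constructed file system: the CWD is an untrusted folder with planted copies."""
    fs = {
        APP: {"app.exe"},
        SYS32: {"kernel32.dll", "common.dll"},
        CWD: {"common.dll", "newfeature.dll", "document.xyz"},
    }
    if system_has_newfeature:  # only newer Windows versions ship this DLL
        fs[SYS32].add("newfeature.dll")
    return fs

def report():
    """Resolve both DLLs on an old and a new OS, with safe mode off and on."""
    rows = []
    for os_label, has in (("old OS", False), ("new OS", True)):
        fs = make_fs(has)
        for safe in (False, True):
            for dll in ("common.dll", "newfeature.dll"):
                rows.append((os_label, safe, dll, resolve(dll, fs, safe_mode=safe)))
    return rows

if __name__ == "__main__":
    for os_label, safe, dll, where in report():
        print(f"{os_label:6} safe_mode={safe!s:5} {dll:15} -> {where}")
```

On the old OS, `newfeature.dll` resolves to the current directory in both modes; the reordering only changes the result for a DLL that also exists in a system directory.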