Tuesday, August 24, 2010
Windows DLL-loading security flaw puts Microsoft in a bind
Windows DLL-loading security flaw puts Microsoft in a bind: "The peculiar thing about all this is that this vulnerability has been known for a long time. The order in which directories are searched is documented, and has been documented for many years (that documentation dates back to 1998, and there are likely references that are older still, if one has any decade-old developer documents handy), and the dangers of using the current directory for loading libraries were explicitly highlighted a decade ago. As well as warning in the documentation about the dangers, Microsoft bloggers have also written about the issue in the past, telling developers how to avoid the problem"
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment