|
|
|
|
|
|
by shabble
5388 days ago
|
|
|
A bit of digging around suggests it's a DLL preloading attack which somehow convinces the target apps to load the local directory instance of the dll, rather than the system version. http://www.crn.com/news/security/226900204/microsoft-warns-u... has a bit of detail, but not specifically about this attack. I guess it's conceptually similar to doing something like export PATH=.:$PATH; cat foo.txt
where 'cat' is an executable file in the current dir.The actual linux equivalent would probably involve $LD_LIBRARY_PATH ($DYLD_LIBRARY_PATH on OSX, not sure about other unices). |
|
|