Closed Bug 1283794 Opened 5 years ago Closed 5 years ago
Multiple DLL's used by TB at startup are vulnerable to DLL preloading attacks
User Agent: Mozilla/5.0 (X11; Linux i686; rv:41.0) Gecko/20100101 Firefox/41.0

Steps to reproduce:

Identified which DLL's are utilized by TB, performed DLL preloading attack on each of the identified DLL's to determine which of the used DLL's were susceptible to preloading attacks. Verified if my test malicious DLL was loaded when executing FF.

The DLL's susceptible to preloading attacks are: dwmapi.dll, dwrite.dll, dbghelp.dll, dbgcore.DLL, Dnsapi.dll, mscms.dll, dcomp.dll, AUDIOSES.DLL

To replicate, place a malicious DLL (the test DLL was a DLL which opened Calc.exe) in the directory of thunderbird.exe and rename the DLL to any of the above mentioned DLL's and the malicious DLL will be executed when thunderbird.exe is executed.

Actual results:

8 DLL's utilized by TB are vulnerable to DLL preloading attacks and can be successfully exploited such that the malicious DLL is executed by TB when started.

Expected results:

The expected results were that my malicious DLL was executed when applying a preloading attack to the identified DLL's mentioned above.
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
actually, bug 579593
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2010-3131
Hi there, Any insight as to why the 8 mentioned DLL's are preloadable?
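A defensive check for the condition described in this report, as an added example that is not part of the original bug or Mozilla's code: it lists DLLs sitting beside an executable whose names also exist in the system directory. The directory layout, `vendorlib.dll` and the function names are constructed for the demo.

```python
import os
import tempfile

# DLL names listed in the report above; Windows resolves names case-insensitively.
REPORTED = ["dwmapi.dll", "dwrite.dll", "dbghelp.dll", "dbgcore.DLL",
            "Dnsapi.dll", "mscms.dll", "dcomp.dll", "AUDIOSES.DLL"]

def dll_names(directory):
    """Map lower-cased DLL file name -> actual file name for one directory."""
    return {n.lower(): n for n in os.listdir(directory)
            if n.lower().endswith(".dll")
            and os.path.isfile(os.path.join(directory, n))}

def find_shadowing_dlls(app_dir, system_dir, allowlist=()):
    """Return DLLs in app_dir whose name also exists in system_dir.

    A same-named file beside the executable is found before the system copy
    when the loader searches the application directory first, so each hit
    needs review. allowlist holds names the vendor ships on purpose.
    """
    allowed = {n.lower() for n in allowlist}
    app, system = dll_names(app_dir), dll_names(system_dir)
    hits = [app[k] for k in app if k in system and k not in allowed]
    return sorted(hits, key=str.lower)

def demo(allowlist=()):
    """Build a constructed directory layout and audit it."""
    with tempfile.TemporaryDirectory() as root:
        app_dir = os.path.join(root, "app")
        system_dir = os.path.join(root, "System32")
        os.makedirs(app_dir)
        os.makedirs(system_dir)
        for name in REPORTED + ["kernel32.dll"]:
            open(os.path.join(system_dir, name), "wb").close()
        # Constructed install: the executable, a hypothetical vendor DLL,
        # and one unexpected DLL that reuses a system DLL name.
        for name in ["thunderbird.exe", "vendorlib.dll", "DWMAPI.DLL"]:
            open(os.path.join(app_dir, name), "wb").close()
        return find_shadowing_dlls(app_dir, system_dir, allowlist)

if __name__ == "__main__":
    print(demo())
```

On a real host, point `find_shadowing_dlls` at the install directory and `%SystemRoot%\System32`, and treat any hit that is not in the vendor's file manifest as worth investigating.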