Closed
Bug 1283794
Opened 8 years ago
Closed 8 years ago
Multiple DLLs used by TB at startup are vulnerable to DLL preloading attacks
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 579593
People
(Reporter: chris, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux i686; rv:41.0) Gecko/20100101 Firefox/41.0
Steps to reproduce:
Identified which DLLs are utilized by TB, performed a DLL preloading attack on each of the identified DLLs to determine which of the used DLLs were susceptible to preloading attacks. Verified if my test malicious DLL was loaded when executing FF.
The DLLs susceptible to preloading attacks are: dwmapi.dll, dwrite.dll, dbghelp.dll, dbgcore.DLL, Dnsapi.dll, mscms.dll, dcomp.dll, AUDIOSES.DLL
To replicate, place a malicious DLL (the test DLL was a DLL which opened Calc.exe) in the directory of thunderbird.exe and rename the DLL to any of the above-mentioned DLLs, and the malicious DLL will be executed when thunderbird.exe is executed.
Actual results:
8 DLLs utilized by TB are vulnerable to DLL preloading attacks and can be successfully exploited such that the malicious DLL is executed by TB when started.
Expected results:
The expected results were that my malicious DLL was executed when applying a preloading attack to the identified DLLs mentioned above.
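A defender-side check for the condition this report describes, added here as an example and not part of the original report or of Thunderbird's code: it lists DLLs in an application directory whose names match a system DLL or one of the eight names above. The function names, the `appcore.dll` and `kernel32.dll` sample files and the directory layout are constructed for the illustration.

```python
import os
import tempfile

# DLL names listed in the report, lower-cased: Windows file names are
# case-insensitive, so "AUDIOSES.DLL" and "audioses.dll" are the same file.
REPORTED = {"dwmapi.dll", "dwrite.dll", "dbghelp.dll", "dbgcore.dll",
            "dnsapi.dll", "mscms.dll", "dcomp.dll", "audioses.dll"}


def dll_names(directory):
    """Map lower-cased DLL name -> name as stored on disk."""
    return {e.name.lower(): e.name for e in os.scandir(directory)
            if e.is_file() and e.name.lower().endswith(".dll")}


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir that share a name with a DLL in system_dir
    or with one of the names in the report. Each hit is a candidate for
    review (signature, hash, installer manifest), not proof of tampering:
    an application can legitimately ship its own copy of a library."""
    system = dll_names(system_dir)
    hits = []
    for lower, name in sorted(dll_names(app_dir).items()):
        if lower in system or lower in REPORTED:
            hits.append({"file": name,
                         "in_system_dir": lower in system,
                         "named_in_report": lower in REPORTED})
    return hits


def demo():
    """Run the check on constructed directories (empty placeholder files)."""
    with tempfile.TemporaryDirectory() as root:
        app, system = os.path.join(root, "app"), os.path.join(root, "sys")
        os.makedirs(app)
        os.makedirs(system)
        for name in ("appcore.dll", "DWrite.dll", "dbgcore.DLL", "thunderbird.exe"):
            open(os.path.join(app, name), "w").close()
        for name in ("dwrite.dll", "kernel32.dll"):
            open(os.path.join(system, name), "w").close()
        return find_shadowing_dlls(app, system)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

On a real host, `app_dir` would be the directory containing thunderbird.exe and `system_dir` the Windows system directory; both are passed in so the check can also run against a mounted disk image.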
Reporter
Updated•8 years ago
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
Reporter
Updated•8 years ago
Component: Untriaged → Security
Updated•8 years ago
Whiteboard: [dupme]
Comment 1•8 years ago
Actually, bug 579593
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Whiteboard: [dupme]
Reporter
Comment 2•8 years ago
Hi there,
Any insight as to why the 8 mentioned DLLs are preloadable?
Updated•6 years ago
Group: mail-core-security