[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #12736 [Applications/Tor Browser]: DLL hijacking vulnerability in TBB
#12736: DLL hijacking vulnerability in TBB
------------------------------------------------+--------------------------
Reporter: underdoge | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201608 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by boklm):
If there is some way to run Tor Browser with a current working directory
containing a malicious DLL, I am not sure that this DLL could be loaded,
as the current directory comes after the application directory and the
system directories in the search order, according to
https://msdn.microsoft.com/en-us/library/ms682586.aspx.
The only exceptions that I see that would allow loading a DLL from the
current directory seems to be that:
- the user disabled the SafeDllSearchMode option (which is enabled by
default in current versions of Windows)
- Tor Browser uses a DLL that is neither present in its application
directory, or in the Windows and System directories, but present in a
directory listed in the PATH environment variable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12736#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs