SecurityFocus

Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 06:24PM
Disclosure From OSSI (disclosure ossecurity ca) (4 replies)

RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 10:42PM
Oliver Lavery (olavery pivx com)

RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 10:01PM
David Schwartz (davids webmaster com) (1 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 10 2004 03:51AM
Darren Reed (avalon caligula anu edu au) (1 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 10 2004 09:10PM
der Mouse (mouse Rodents Montreal QC CA) (3 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 06:11AM
Darren Reed (avalon caligula anu edu au) (1 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 07:07AM
der Mouse (mouse Rodents Montreal QC CA) (1 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 08:44AM
Darren Reed (avalon caligula anu edu au) (1 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 09:03AM
der Mouse (mouse Rodents Montreal QC CA)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 04:04AM
Glynn Clements (glynn clements virgin net)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 12:28AM
John D. Hardin (jhardin impsec org) (1 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 11 2004 04:56AM
der Mouse (mouse Rodents Montreal QC CA)

RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 07:31PM
Ward Taylor (rfdhomer windyplains com) (2 replies)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 10 2004 04:40PM
Nexus (nexus patrol i-way co uk)

----- Original Message -----
From: "Ward Taylor" <rfdhomer (at) windyplains (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Monday, February 09, 2004 7:31 PM
Subject: RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet
Explorer

> Hi:
> There is a win2k registry setting which allows the default .dll search
order
> to be changed.

Out of curiosity, does that override the 0 byte .exe.local file trick to
force the application to search the local directory for the .dll first ?
http://www.jsiinc.com/subf/tip2600/rh2606.htm

Cheers.

[ reply ]

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 10 2004 10:31AM
Peter Pentchev (roam ringlet net)

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer Feb 09 2004 07:20PM
Seth Arnold (sarnold wirex com)