Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
Aug 11 2016 06:15PM
Stefan Kanthak (stefan kanthak nexgo de)
Several of Microsoft's Sysinternals utilities extract executables to %TEMP% and run them from there; the extracted executables are vulnerable to DLL hijacking, allowing arbitrary code execution in every user account and escalation of privilege in "protected administrator" accounts [*].
Copyright 2010, SecurityFocus