BugTraq
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
Aug 11 2016 06:15PM
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several of Microsoft's Sysinternals utilities extract executables
to %TEMP% and run them from there; the extracted executables are
vulnerable to DLL hijacking, allowing arbitrary code execution in
every user account and escalation of privilege in "protected
administrator" accounts [*].

* C...
