Microsoft Windows DLL Search Path Weakness

The following is a demonstration provided by Georgi Guninski <> :

1) Download dll1.cpp from and build it. The compiled version is at:
2) Rename dll1.dll to riched20.dll
3) Place riched20.dll in a directory of your choice
4) Close all Office applications
5) From Windows Explorer double-click on an Office document (preferably MS Word document) in the directory containing riched20.dll
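
A defender can look for the condition these steps set up: a file named riched20.dll sitting in the same directory as an Office document. The sketch below is an added example, not part of the original demonstration; the document extension list, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# DLL name taken from the demonstration; extend the set for other names of interest.
WATCHED_DLLS = {"riched20.dll"}
# Assumption: extensions treated as Office documents for this check.
DOC_EXTENSIONS = {".doc", ".rtf", ".xls", ".ppt"}


def find_shadowing_dlls(root, watched=WATCHED_DLLS, doc_exts=DOC_EXTENSIONS):
    """Return findings for directories under root holding a watched DLL and a document.

    Each finding is (directory, dll_filename, sorted list of document filenames).
    Names are compared case-insensitively, as Windows does.
    """
    watched = {n.lower() for n in watched}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dlls = sorted(f for f in files if f.lower() in watched)
        docs = sorted(f for f in files if os.path.splitext(f)[1].lower() in doc_exts)
        if docs:
            findings.extend((dirpath, dll, docs) for dll in dlls)
    return findings


def build_sample_tree(root):
    """Constructed sample layout: one directory with the pairing, two without."""
    layout = {
        "share/reports": ["Q3.doc", "RICHED20.DLL"],   # pairing, mixed case
        "share/tools": ["riched20.dll"],               # DLL but no document
        "share/archive": ["notes.doc", "helper.dll"],  # document, unwatched DLL
    }
    for rel, names in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d)
        for name in names:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"")  # empty placeholder files
    return root


def run_demo():
    """Scan the constructed tree and return findings with paths relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        found = find_shadowing_dlls(build_sample_tree(tmp))
        return [(os.path.relpath(d, tmp).replace(os.sep, "/"), dll, docs)
                for d, dll, docs in found]


if __name__ == "__main__":
    for directory, dll, docs in run_demo():
        print(f"{directory}: {dll} sits beside {', '.join(docs)}")
```

Point `find_shadowing_dlls` at a file share or user profile root to list directories worth inspecting.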


Copyright 2010, SecurityFocus