1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MS' .DLL Fiasco

Discussion in 'Windows 7' started by Alias, Sep 8, 2010.

  1. Alias

    Alias Flightless Bird

    There are updates today for the MS .dll hacking problem for almost
    everything. I got the following programs needing the update:

    Firefox
    Seamonkey
    Thunderbird
    Skype
    Chrome

    There may be more programs needing the update, so check them.

    --
    Alias
     
  2. Frank

    Frank Flightless Bird

    alias gets desperate...again!...LOL!

    On 9/8/2010 9:31 AM, Alias wrote:
    > There are updates today for the MS .dll hacking problem for almost
    > everything. I got the following programs needing the update:
    >
    > Firefox
    > Seamonkey
    > Thunderbird
    > Skype
    > Chrome
    >
    > There may be more programs needing the update, so check them.
    >

    hehehe...getting really desperate huh?...LOL!
     
  3. Paul

    Paul Flightless Bird

    Alias wrote:
    > There are updates today for the MS .dll hacking problem for almost
    > everything. I got the following programs needing the update:
    >
    > Firefox
    > Seamonkey
    > Thunderbird
    > Skype
    > Chrome
    >
    > There may be more programs needing the update, so check them.
    >


    Looks like a regular release.

    https://wiki.mozilla.org/Releases/Firefox_3.6.9

    List of security fixes.

    http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9

    If you look at the wording on this one, it's a shortcoming of the
    coding on Firefox, rather than being a flat out Windows issue.

    "Windows XP DLL loading vulnerability"
    http://www.mozilla.org/security/announce/2010/mfsa2010-52.html

    "Firefox attempts to load dwmapi.dll upon startup as part of its
    platform detection, so on systems that don't have this library,
    such as Windows XP, Firefox will subsequently attempt to load
    the library from the current working directory. An attacker
    could use this vulnerability to trick a user into downloading
    a HTML file and a malicious copy of dwmapi.dll into the same
    directory on their computer and opening the HTML file with
    Firefox, thus causing the malicious code to be executed.

    If the attacker was on the same network as the victim, the
    malicious DLL could also be loaded via a UNC path. The attack
    also requires that Firefox not currently be running when it
    is asked to open the HTML file and accompanying DLL."

    Note: Firefox users on Windows versions earlier than Vista <---- later than ???
    were not vulnerable to this attack because dwmapi.dll
    legitimately exists in Vista and later versions and
    is successfully loaded by Firefox before attempting
    to load the planted DLL."

    What that note doesn't explain, is for the Windows XP users this
    does apply to, how is Firefox downloading into the same directory
    as the executable ? My download folder is just a download folder.
    The place HTML files are downloaded, isn't the same place as the
    rest of the install directory, as far as I know. It would take
    some outright cleverness on the part of the user, to set the
    download directory so it was the same as the executable folder used
    by Firefox. Presumably, there are path loading rules, that prevent
    a tool from taking code from just anywhere.

    So this one strikes me, as being "a stretch". You have to go
    out of your way, to be vulnerable. And also, since this *is* a
    Windows 7 group, the Firefox bug doesn't apply to Windows 7.
    If you wanted to be sure, and you're on Windows 7, search
    your C: drive for dwmapi.dll and see if there is a copy already
    there that Firefox would be loading.

    *******

    With regard to Skype, do they have release notes of any merit ?
    I couldn't find anything interesting there.

    HTH
    Paul
     
  4. Gordon

    Gordon Flightless Bird

    On 08/09/2010 17:31, Alias wrote:
    > There are updates today for the MS .dll hacking problem for almost
    > everything. I got the following programs needing the update:
    >
    > Firefox
    > Seamonkey
    > Thunderbird
    > Skype
    > Chrome
    >
    > There may be more programs needing the update, so check them.
    >


    Not sure whether Skype was just a dll update - it said it was a MAJOR
    update!
     
  5. Alias

    Alias Flightless Bird

    On 09/08/2010 08:00 PM, Gordon wrote:
    > On 08/09/2010 17:31, Alias wrote:
    >> There are updates today for the MS .dll hacking problem for almost
    >> everything. I got the following programs needing the update:
    >>
    >> Firefox
    >> Seamonkey
    >> Thunderbird
    >> Skype
    >> Chrome
    >>
    >> There may be more programs needing the update, so check them.
    >>

    >
    > Not sure whether Skype was just a dll update - it said it was a MAJOR
    > update!


    And you think it's a coincidence that all those apps updated today?

    --
    Alias
     
  6. Alias

    Alias Flightless Bird

    On 09/08/2010 07:34 PM, Paul wrote:
    > Alias wrote:
    >> There are updates today for the MS .dll hacking problem for almost
    >> everything. I got the following programs needing the update:
    >>
    >> Firefox
    >> Seamonkey
    >> Thunderbird
    >> Skype
    >> Chrome
    >>
    >> There may be more programs needing the update, so check them.
    >>

    >
    > Looks like a regular release.
    >
    > https://wiki.mozilla.org/Releases/Firefox_3.6.9
    >
    > List of security fixes.
    >
    > http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9
    >
    >
    > If you look at the wording on this one, it's a shortcoming of the
    > coding on Firefox, rather than being a flat out Windows issue.
    >
    > "Windows XP DLL loading vulnerability"
    > http://www.mozilla.org/security/announce/2010/mfsa2010-52.html
    >
    > "Firefox attempts to load dwmapi.dll upon startup as part of its
    > platform detection, so on systems that don't have this library,
    > such as Windows XP, Firefox will subsequently attempt to load
    > the library from the current working directory. An attacker
    > could use this vulnerability to trick a user into downloading
    > a HTML file and a malicious copy of dwmapi.dll into the same
    > directory on their computer and opening the HTML file with
    > Firefox, thus causing the malicious code to be executed.
    >
    > If the attacker was on the same network as the victim, the
    > malicious DLL could also be loaded via a UNC path. The attack
    > also requires that Firefox not currently be running when it
    > is asked to open the HTML file and accompanying DLL."
    >
    > Note: Firefox users on Windows versions earlier than Vista <---- later
    > than ???
    > were not vulnerable to this attack because dwmapi.dll
    > legitimately exists in Vista and later versions and
    > is successfully loaded by Firefox before attempting
    > to load the planted DLL."
    >
    > What that note doesn't explain, is for the Windows XP users this
    > does apply to, how is Firefox downloading into the same directory
    > as the executable ? My download folder is just a download folder.
    > The place HTML files are downloaded, isn't the same place as the
    > rest of the install directory, as far as I know. It would take
    > some outright cleverness on the part of the user, to set the
    > download directory so it was the same as the executable folder used
    > by Firefox. Presumably, there are path loading rules, that prevent
    > a tool from taking code from just anywhere.
    >
    > So this one strikes me, as being "a stretch". You have to go
    > out of your way, to be vulnerable. And also, since this *is* a
    > Windows 7 group, the Firefox bug doesn't apply to Windows 7.
    > If you wanted to be sure, and you're on Windows 7, search
    > your C: drive for dwmapi.dll and see if there is a copy already
    > there that Firefox would be loading.
    >
    > *******
    >
    > With regard to Skype, do they have release notes of any merit ?
    > I couldn't find anything interesting there.
    >
    > HTH
    > Paul



    See
    http://www.computerworld.com/s/article/9184019/Mozilla_fixes_Firefox_s_DLL_load_hijacking_bug

    regarding Firefox's update to fix the .dll problem.

    --
    Alias
     
  7. "Alias" <aka@masked&anonymous.com.¡nvalido> wrote in message
    news:i68jct$ln0$1@news.eternal-september.org...
    > On 09/08/2010 08:00 PM, Gordon wrote:
    >> On 08/09/2010 17:31, Alias wrote:
    >>> There are updates today for the MS .dll hacking problem for almost
    >>> everything. I got the following programs needing the update:
    >>>
    >>> Firefox
    >>> Seamonkey
    >>> Thunderbird
    >>> Skype
    >>> Chrome
    >>>
    >>> There may be more programs needing the update, so check them.
    >>>

    >>
    >> Not sure whether Skype was just a dll update - it said it was a MAJOR
    >> update!

    >
    > And you think it's a coincidence that all those apps updated today?
    >
    > --
    > Alias


    And you think it's a coincidence that almost NOBODY uses Ubuntu or Mint?
     

Share This Page