Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: firstname.lastname@example.org
Versions: Oracle Corporation
Product: Java update
We have discovered that the product “Java/Jucheck.exe” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Jucheck works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.