Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Real Player 14
Date: 25/08/2011
Product: Realplayer
Vendor: Notified

We have discovered that the product “Real Player 14″ presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Real Player works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: PhotoImpression 6
Date: 20/08/2011
Product: PhotoImpression/ CheckUpdate.exe
Vendor: ArcSoft

We have discovered that the product “ArcSoft / CheckUpdate.exe” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Arcsoft works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Oracle Corporation
Date: 17/08/2011
Product: Java update
Vendor: Notified
BugId: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7080023

We have discovered that the product “Java/Jucheck.exe” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Jucheck works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations. This of course can and is being abused.

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations. This of course can and is being abused.