Tag Archives: Untrusted Library Loading

VMware Virtual Image Editing Framework – DLL Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: VMware Virtual Image Editing Framework 4.0.0 build-111735
Date: 05/09/2011
Product: VMware Virtual Image Editing Framework
Vendor Notified: VMware Inc.

We have discovered that the product “VMware Virtual Image Editing Framework 4.0.0 build-111735″ presents a big hole as regard to DLL hijacking;The basis of this exploit is the way in which Python works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.

Python 3.2 – DLL Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Python 3.1 3.2 Pythonw
Date: 28/08/2011
Product: Python
Vendor: Notified

We have discovered that the product “Python 3.1 / 3.2″ presents a big hole as regard to DLL hijacking;The basis of this exploit is the way in which Python works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.


Real Player 14 – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Real Player 14
Date: 25/08/2011
Product: Realplayer
Vendor: Notified


We have discovered that the product “Real Player 14″ presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Real Player works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

ArcSoft PhotoImpression – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: PhotoImpression 6
Date: 20/08/2011
Product: PhotoImpression/ CheckUpdate.exe
Vendor: ArcSoft


We have discovered that the product “ArcSoft / CheckUpdate.exe” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Arcsoft works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

SUN Jucheck.exe – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Oracle Corporation
Date: 17/08/2011
Product: Java update
Vendor: Notified
BugId: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7080023

We have discovered that the product “Java/Jucheck.exe” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Jucheck works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

Pythonw Warnings.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.This of course can and is being abused.

Pythonw Types.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations. This of course can and is being abused.

Pythonw Stat.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations. This of course can and is being abused.

Pythonw Sitecustomize.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations. This of course can and is being abused.

Pythonw Site.dll – Untrusted Library Loading Execution Code

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Pythonw
Date: 16/08/2011
Product: Pythonw
Vendor: Notified

pythonw — run python script allowing GUI.
We have discovered that the product “Pythonw” presents a big hole regarding a DLL hijacking;The basis of this exploit is the way in which Pythonw works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations. This of course can and is being abused.