Author Topic: Almost 300 Windows 10 executables vulnerable to DLL hijacking  (Read 645 times)

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1740
Windows 10 Pro x64 Build 19042.964 - Comodo CIS Pro v.12.2.2.8012 - Linux 20.04

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1520
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Almost 300 Windows 10 executables vulnerable to DLL hijacking
« Reply #1 on: June 28, 2020, 09:21:45 AM »
It is not exactly one vulnerable, but shared system DLLs...
Comodo internet security protected against hijacking :-TU

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5141
Re: Almost 300 Windows 10 executables vulnerable to DLL hijacking
« Reply #2 on: June 28, 2020, 01:22:40 PM »
Quote
Comodo internet security protected against hijacking
CIS no longer protects against dll hijacking as the ability for HIPS to control dll loading was removed a long time ago.

You mean loading a DLL into memory? CIS is not supposed to or even designed to detect if you load a DLL into the process space of an application normally (without hooking or memory injection) except for rundll32.exe (even this is going to change in future versions).

By setting image execution control to aggressive and adding *.dll to execution list, you can receive alerts for DLLs but this is not really recommended/intended to be used and we will discontinue this ability in the future versions.

However, if you have a way to execute a standalone executable and bypass the image execution control, that means a flaw and let me know.


Egemen
« Last Edit: June 28, 2020, 01:25:39 PM by futuretech »

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1520
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Almost 300 Windows 10 executables vulnerable to DLL hijacking
« Reply #3 on: June 28, 2020, 05:00:46 PM »
apparently...
Try to exploit that "vulnerability"; CIS protects, although it does not seem to :D

 
