According to a Heise Media report, the DLL binary planting vulnerability is not just limited to DLL files but affects EXE files.
The example given: An HTML file is saved along with a copy of a file called EXPLORE.EXE. The HTML file is opened and has a URI link embedded with the address file://. This will cause the browser to attempt to open EXPLORE.EXE from the local folder.
The current Microsoft workarounds for the DLL vulnerability only apply to DLL’s, not EXE’s.
See this news posting for additional information.
Information security continues to be a struggle against function, features and stopping bad things from happening. What are your thoughts about where this is going?
Thanks for reading & let’s continue to be good network citizens!