HD Moore of Metasploit fame has created a tool to identify applications which exhibit the DLL hijack flaw about which Microsoft recently released a security advisory. This tool in HD Moore’s own words
will turn a desktop PC into a game of whack-a-mole by launching the file handlers for every registered file type, while recording whether or not a DLL was accessed within the working directory of the associated file.
To find out more about this DLL hijack exploit test kit and to get the tool see HD’s blog.
This could be a serious issue so I am waiting to see what develops out here now that Metasploit has released a working exploit plugin also.
What are your thoughts on this vulnerability? Do you have Windows developers which may have created risks for your organization by poor development practices? Let me and other ITKE readers know about your experiences with this vulnerability and if you have used the DLL hijack exploit test tool and how your testing went. Thanks for reading and let’s continue to be good network citizens!