IT Trenches

Aug 24 2010   8:01PM GMT

Whak-a-mole testing for Microsoft DLL exploit



Posted by: Troy Tate
Tags:
application development
DLL
exploit
metasploit
Microsoft
Microsoft DLL
qa testing
vulnerability
vulnerability analysis

HD Moore of Metasploit fame has created a tool to identify applications which exhibit the DLL hijack flaw about which Microsoft recently released a security advisory. This tool in HD Moore’s own words

will turn a desktop PC into a game of whack-a-mole by launching the file handlers for every registered file type, while recording whether or not a DLL was accessed within the working directory of the associated file.

To find out more about this DLL hijack exploit test kit and to get the tool see HD’s blog.

This could be a serious issue so I am waiting to see what develops out here now that Metasploit has released a working exploit plugin also.

What are your thoughts on this vulnerability? Do you have Windows developers which may have created risks for your organization by poor development practices? Let me and other ITKE readers know about your experiences with this vulnerability and if you have used the DLL hijack exploit test tool and how your testing went. Thanks for reading and let’s continue to be good network citizens!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: