no one is safe ...

DLL Hijacking

Advisories - DLL hijacking of some forensic and security related products

Today's tests of several forensic and security products, some of which I also use myself, produced some surprising and at the same time alarming results for me. Nearly every one of the tested products had the DLL hijacking vulnerability. The following list, with links to the advisories, gives a brief overview:

Encase v6.15.0.82/6.16.2/6.17.0.90
# Filetype endump
# Advisory: http://www.s3cur1ty.de/m1adv2010-003

PGP Desktop 9.8 - 9.8.3 Build 4028
# Filetype pgp
# Advisory: http://www.s3cur1ty.de/m1adv2010-004

Advisory: Forensic Toolkit - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking) [Update: 02.09.2010]

---------------------------------------------
Forensic Toolkit - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking)
Date: 29.08.2010
---------------------------------------------

- Forensic Toolkit Description

Forensic Toolkit (FTK) is recognized around the world as the standard in computer forensics software. This court-validated digital investigations platform delivers cutting-edge computer forensic analysis, decryption and password cracking all within an intuitive and customizable interface.

Advisory: IBM Rational License Key Administrator - DLL Hijacking [Update: 30.08.2010]

---------------------------------------------
IBM Rational License Key Administrator - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking)
Date: 29.08.2010
---------------------------------------------

- IBM Rational License Key Administrator Description

Advisory: Forensic CaseNotes - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking)

---------------------------------------------
Forensic CaseNotes - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking)
Date: 29.08.2010
---------------------------------------------

- Forensic CaseNotes Description

The purpose of CaseNotes is to provide a single lightweight application program to run on the Microsoft Windows platform to allow forensic analysts and examiners of any discipline to securely record their contemporaneous notes electronically.

- Insecure Library Loading Allows Remote Code Execution

Advisory: PGP Desktop 9.8 - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking) [Update: 08.09.2010]

---------------------------------------------
PGP Desktop 9.8 - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking)
Date: 29.08.2010
---------------------------------------------

- PGP Desktop Description