Didier Stevens

Thursday 26 August 2010

Quickpost: Ariad & DLL Preloading

Filed under: My Software,Quickpost,Vulnerabilities — Didier Stevens @ 12:11

I’m writing this quickpost just in case you hadn’t figured this out for yourself: the techniques I described to protect machines from the .LNK vulnerability also help you mitigate the DLL preloading issue.

The .LNK vulnerability mitigation examples I gave with Ariad (no file execute) and SRP prevent loading of DLLs from untrusted locations (USB sticks, network drives, …). These will also prevent DLLs from loading from untrusted sources in the case of DLL Preloading exploits.

Quickpost info

Blog at WordPress.com.