Slashdot Mirror


Researcher Finds Tens of Software Products Vulnerable To Simple Bug (softpedia.com)

An anonymous reader writes: There's a German security researcher who is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.

4 of 162 comments

  1. What's a DLL? by Teun · Score: 2, Funny

    The obvious question is: what's a DLL?

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    1. Re:What's a DLL? by jones_supa · Score: 3, Funny

      It's a shared object for a toy computer.

      Are you suggesting that Windows makes a toy computer? Wouldn't a toy GUI consist mostly of big colored squares, dumbed down applications, and a supervisor monitoring your usage patterns?

  2. There are literally dozens of them... by Anonymous Coward · Score: 3, Funny

    DOZENS!

  3. Re:Why is this a flaw in the app, and not the OS? by StormReaver · Score: 4, Funny

    ...because I assumed that Windows behaved more ... sanely.

    After all these years, why the hell would you think that?