[tor-bugs] #12736 [Applications/Tor Browser]: DLL hijacking vulnerability in TBB
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 20 12:29:42 UTC 2016
#12736: DLL hijacking vulnerability in TBB
------------------------------------------------+--------------------------
Reporter: underdoge | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201608 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by boklm):
If there is some way to run Tor Browser with a current working directory
containing a malicious DLL, I am not sure that this DLL could be loaded,
as the current directory comes after the application directory and the
system directories in the search order, according to
https://msdn.microsoft.com/en-us/library/ms682586.aspx.
The only exceptions that I see that would allow loading a DLL from the
current directory seems to be that:
- the user disabled the SafeDllSearchMode option (which is enabled by
default in current versions of Windows)
- Tor Browser uses a DLL that is neither present in its application
directory, or in the Windows and System directories, but present in a
directory listed in the PATH environment variable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12736#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list