Initially identified fifteen years ago, and clearly articulated by a Microsoft Security Advisory, DLL hijacking is the practice of having a vulnerable application load a malicious library rather than the legitimate one, allowing for the execution of arbitrary code. The malicious library is placed at a preferential location as dictated by the Dynamic-Link Library Search Order, a pre-defined standard for how Microsoft Windows searches for a DLL when the developer has not specified the path. Despite advice on secure development practices to mitigate this threat having been published and available for several years, this still remains a problem.
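The search order only comes into play when the loader is handed something other than one exact file path. The following is an added example, not code from the original post: a portable check for that condition plus two hardened Windows loaders. The function names and sample paths are hypothetical; `LoadLibraryExW` and `LOAD_LIBRARY_SEARCH_SYSTEM32` are the documented Win32 API.

```c
/* Added example (not from the original post); names and paths are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if `path` names one exact file: drive-absolute (C:\dir\x.dll) or
 * UNC (\\host\share\x.dll). Anything else leaves resolution to the DLL search
 * order or the current directory, which is what a planted DLL relies on. */
int is_fully_qualified(const char *path)
{
    if (path == NULL) return 0;
    size_t n = strlen(path);
    if (n >= 3 && isalpha((unsigned char)path[0]) && path[1] == ':' &&
        (path[2] == '\\' || path[2] == '/'))
        return 1;                       /* C:\... ("C:x.dll" is drive-relative) */
    if (n >= 3 && path[0] == '\\' && path[1] == '\\' && path[2] != '\\')
        return 1;                       /* \\host\share\... */
    return 0;
}

#ifdef _WIN32
#include <windows.h>

/* System DLL by bare name: search %SystemRoot%\System32 only, never the
 * application directory, the current directory or PATH. */
HMODULE load_system_dll(const wchar_t *name)
{
    return LoadLibraryExW(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
}

/* Application DLL: refuse any name that would trigger a search. */
HMODULE load_app_dll(const char *path)
{
    if (!is_fully_qualified(path)) return NULL;
    return LoadLibraryA(path);
}
#endif

int main(void)
{
    const char *samples[] = { "helper.dll", "plugins\\helper.dll", "C:helper.dll",
                              "C:\\Program Files\\App\\helper.dll" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i],
               is_fully_qualified(samples[i]) ? "exact path" : "search order applies");
    return 0;
}
```

The same check can be run over the string arguments of `LoadLibrary` calls during code review to list every load that depends on the search order.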