DLL hijacking is a vaguely yawn-worthy attack. But sure, worthy of fixing.
But a document that causes MS Word to directly launch an EXE file from the same directory as the document is sure new to me!
I wonder how common it is to open documents from untrusted locations...
But a document that causes MS Word to directly launch an EXE file from the same directory as the document is sure new to me!
I wonder how common it is to open documents from untrusted locations...
Thanks to @buffaloverflow pointing out that with Office 2013 and earlier, all that's required is opening up a file directly from Firefox.
This (both file planting and vul trigger) requires a click to get out of Protected Mode, so I'm still trying to gauge how important this is...
This (both file planting and vul trigger) requires a click to get out of Protected Mode, so I'm still trying to gauge how important this is...
Again from the same resource: https://research.nccgroup.com/2016/01/05/remote-exploitation-of-microsoft-office-dll-hijacking-ms15-132-via-browsers/
Chromium-based browsers like Chrome and modern Edge download files w/o user interaction (WHY?!?) so this can be leveraged to pull off the attack on a system where everything is up do date.
Chromium-based browsers like Chrome and modern Edge download files w/o user interaction (WHY?!?) so this can be leveraged to pull off the attack on a system where everything is up do date.