zeonism
Posts: 13
Joined: Mon Sep 18, 2017 8:31 am

Malicious dll hijacking

Fri Nov 24, 2017 8:34 am

Hi Support,

Our application has recently conducted a series of penetration tests and has failed on one of the test items - DLL hijacking.
Placing a forged DLL (named msimg32.dll and written to launch the calculator) in the same folder as our application exe and executing our software for installation will also trigger it to run the calculator.

My question is how do I prevent this from happening?

Below is the download URL for the test files. Please run our installer and you will see the calculator is also launching.

https://www.dropbox.com/s/zx5kl09iu2n656e/zen.zip?dl=0

Andy

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Malicious dll hijacking

Fri Nov 24, 2017 4:59 pm

Hello Andy,

Starting with Advanced Installer 12.7 we add a security function into the setup packages which should prevent such breaches. Can you please rebuild your setup package using AI 12.7 or a newer version and see if the issue still persists?

All the best,
Daniel
Daniel Radu - Advanced Installer Team
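An added example, not part of the original thread and not Advanced Installer's own code: a check that lists DLLs sitting next to an installer whose names match DLLs in the Windows system directory, which is the situation the penetration test set up with msimg32.dll. The function names, the `allowed` parameter and the sample folder layout are assumptions made for illustration.

```python
import sys
import tempfile
from pathlib import Path


def dll_names(directory):
    """Lower-cased names of the .dll files directly inside `directory`."""
    return {p.name.lower() for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowing_dlls(exe_dir, system_dir, allowed=()):
    """DLLs in exe_dir that share a name with a DLL in system_dir.

    Windows file names are case-insensitive, so names are compared in
    lower case. `allowed` lists DLLs the product ships there on purpose.
    """
    allowed = {name.lower() for name in allowed}
    return sorted((dll_names(exe_dir) & dll_names(system_dir)) - allowed)


def demo(allowed=()):
    """Run the check on a constructed layout (empty placeholder files)."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = Path(root, "System32")   # stands in for %SystemRoot%\System32
        downloads = Path(root, "Downloads")   # folder the installer is started from
        system_dir.mkdir()
        downloads.mkdir()
        for name in ("kernel32.dll", "msimg32.dll"):
            (system_dir / name).touch()
        # Constructed sample: the installer, one private DLL and a planted DLL
        # whose name differs from the system copy only by letter case.
        for name in ("setup.exe", "ourapp_helper.dll", "MsImg32.DLL"):
            (downloads / name).touch()
        return find_shadowing_dlls(downloads, system_dir, allowed)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: python check.py <installer folder> <system directory>
        hits = find_shadowing_dlls(sys.argv[1], sys.argv[2])
    else:
        hits = demo()
    for name in hits:
        print("shadows a system DLL:", name)
    sys.exit(1 if hits else 0)
```

Run against a release or download folder, a non-empty result means the folder holds a DLL that the executable's directory lookup could pick up in place of the system copy.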

zeonism
Posts: 13
Joined: Mon Sep 18, 2017 8:31 am

Re: Malicious dll hijacking

Mon Nov 27, 2017 6:47 am

Hi Daniel,

Updating to 14.3 solved this issue, thanks a lot for your help.

Andy

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm

Re: Malicious dll hijacking

Mon Nov 27, 2017 10:07 am

You're always welcome Andy.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
