On 11/4/06, Joshua Gimer wrote:
If Microsoft is not planning on providing a fix for this until Vista, I can see a worm coming from this.
It's highly unlikely that this would be useful to the spreading of a worm. Worms infect computers over a network, relying either on remotely exploitable vulnerabilities that require no user interaction, or on vulnerabilities that require user interaction where it is easy to produce the necessary user action. Getting a malicious file into a user's path (or the system path) is nontrivial, and generally requires that something else be going on.
Forgive me if I don't know how this works in the windows world, but when it is looking for this DLL, does it take the first one that it finds within your path; like in UNIX? Or does it look in all directories within your path and then decide? I am guessing the former, but I am just clarifying.
It is the former--for libraries (DLLs) or executables (.exe, .com, .bat, .cmd, and so forth) the one that gets linked to or executed when the path is searched is the one that is in the earliest directory in the path (or the one that is in the working directory--unlike in *nix systems, in Windows the current directory--typically the directory that the calling program is located in--is searched first, before the path is consulted; you may see similar behavior in some *nix systems, but in such cases you will find that in actuality the directory "." is in the path). -Eliah
