An old unfixed Windows functional bug was just upgraded to a security bug. Our researchers have discovered that Windows' inability to consistently expand environment variables in user and system PATH breaks the binary planting protection provided by the SetDllDirectory function. The article describes how already fixed iTunes and Safari - both using SetDllDirectory - can again be successfully binary-planted due to this bug. This time it's not Apple's fault. http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html Pleasant reading, Mitja Kolsek CEO&CTO ACROS, d.o.o. Makedonska ulica 113 SI - 2000 Maribor, Slovenia tel: +386 2 3000 280 fax: +386 2 3000 282 web: http://www.acrossecurity.com ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
