Results for dll

Threat Research

An Analysis of the DLL Address Leaking Trick used by the “Double Kill” Internet Explorer Zero-Day exploit (CVE-2018-8174)

“Double Kill” is an Internet Explorer(IE) Zero-Day exploit which was discovered in the wild and fixed in the Microsoft May Patch. It exploits a use-after-free vulnerability of vbscript.dll to execute arbitrary code when a vulnerable system browses a malicious web page via IE. Multiple exploit kits have already added this exploit, and it is still active in the wild.

By Dehui Yin August 06, 2018

Industry Trends

A Crash Course In DLL Hijacking

Overview This week, we heard a lot about a DLL hijacking vulnerability from the security community. It began with a 0-day DLL hijacking in Microsoft Office which was discovered by an independent security researcher named Parvez Anwar. Shortly after, the website securify.nl published an article detailing this kind of attack and discussing the vast potential attack surface associated with DLLs and OLE. A dynamic link library (DLL) is a basic component in the Windows operating system. Certain DLLs will be loaded into Windows applications...

By Tien Phan December 10, 2015