* .Txt files are dangerous in Windows
Microsoft has published an important security bulletin MS11-071 describing the vulnerability in all versions of Windows.
The essence of the vulnerability is that if a user opens a .txt file from a network folder, then the malicious code from the .dll in the same network folder as the .txt file can run on its system. As a result, the attacker can get the same rights in the system as the user has. In addition to .txt, the vulnerability covers .rtf and .doc files.
Learn more about loading a DLL in Windows , as well as how to configure the registry for DLL search restrictions (CWDIllegalInDllSearch).
')
A similar “vulnerability” for Linux is associated with the use of LD_LIBRARY_PATH.
The essence of the vulnerability is that if a user opens a .txt file from a network folder, then the malicious code from the .dll in the same network folder as the .txt file can run on its system. As a result, the attacker can get the same rights in the system as the user has. In addition to .txt, the vulnerability covers .rtf and .doc files.
Learn more about loading a DLL in Windows , as well as how to configure the registry for DLL search restrictions (CWDIllegalInDllSearch).
')
A similar “vulnerability” for Linux is associated with the use of LD_LIBRARY_PATH.
Source: https://habr.com/ru/post/128628/
All Articles