[tbb-bugs] #12736 [Applications/Tor Browser]: DLL hijacking vulnerability in TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 20 12:29:42 UTC 2016


#12736: DLL hijacking vulnerability in TBB
------------------------------------------------+--------------------------
 Reporter:  underdoge                           |          Owner:  tbb-team
     Type:  defect                              |         Status:  new
 Priority:  High                                |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201608  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by boklm):

 If there is some way to run Tor Browser with a current working directory
 containing a malicious DLL, I am not sure that this DLL could be loaded,
 as the current directory comes after the application directory and the
 system directories in the search order, according to
 https://msdn.microsoft.com/en-us/library/ms682586.aspx.

 The only exceptions that I see that would allow loading a DLL from the
 current directory seems to be that:
 - the user disabled the SafeDllSearchMode option (which is enabled by
 default in current versions of Windows)
 - Tor Browser uses a DLL that is neither present in its application
 directory, or in the Windows and System directories, but present in a
 directory listed in the PATH environment variable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12736#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list