[sylpheed-announce:00119] About GTK+ (Windows) DLL hijacking vulnerability

Hiroyuki Yamamoto hiro-y at kcn.ne.jp
Tue Sep 6 16:10:28 JST 2011


Hello,

Recently, a vulnerability of GTK+ about DLL hijacking was made public.
(the fix has already been made last year)

http://jvn.jp/jp/JVN58019849/index.html

Sylpheed Win32 version uses GTK+ 2.10.14, so I've looked into the
source of GTK+ to check if it affects Sylpheed.

As a result, it affects Sylpheed as follows:

1. GTK+(GDK) 2.10.14 does not have the affected code.

# gdk/win32/gdkevents-win32.c has a call of LoadLibrary(), but the
# portion of code will never be called

2. The GTK+ Windows theme module (libwimp.dll) has the code which will
   be affected by the vulnerability.

3. Sylpheed loads plug-in DLLs, but they are accessed with full path,
   so it is not vulnerable.

I have put the fixed module at the following location.
Please extract and overwrite it to your installed Sylpheed folder.

http://sylpheed.sraoss.jp/sylpheed/win32/sylpheed-win32-gtk-dllhijack-fix.zip

A fixed version of Sylpheed will be released within several days.

Note: For the attack to succeed, Sylpheed must be run with a malicious
DLL placed at the same location as sylpheed.exe or its shortcut.

-- 
Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>
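
The difference between points 2 and 3 above (loading a DLL by bare name versus by full path), shown as an added example that is not part of the original announcement and is not Sylpheed or GTK+ code. The helper names, the choice of the Windows system directory as the trusted location, and `example.dll` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* 1 if p is fully qualified: drive-absolute (C:\dir) or UNC (\\server\share). */
int is_full_win_path(const char *p)
{
    if (!p) return 0;
    if (isalpha((unsigned char)p[0]) && p[1] == ':' &&
        (p[2] == '\\' || p[2] == '/'))
        return 1;
    return p[0] == '\\' && p[1] == '\\' && p[2] != '\0';
}

/* Build "<dir>\<name>" so the loader never searches the current directory.
 * name must be a bare file name; dir must be fully qualified.
 * Returns 0 on success, -1 if the input is rejected or out is too small. */
int build_module_path(const char *dir, const char *name, char *out, size_t outlen)
{
    if (!is_full_win_path(dir) || !name || !*name) return -1;
    if (strpbrk(name, "\\/:") != NULL) return -1;   /* no path components */
    size_t n = strlen(dir);
    int need_sep = dir[n - 1] != '\\' && dir[n - 1] != '/';
    int r = snprintf(out, outlen, "%s%s%s", dir, need_sep ? "\\" : "", name);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}

#ifdef _WIN32
/* Hypothetical replacement for LoadLibrary("example.dll"): resolve a system
 * DLL inside the system directory and pass the full path to the loader. */
HMODULE load_system_module(const char *name)
{
    char sysdir[MAX_PATH], full[MAX_PATH];
    UINT len = GetSystemDirectoryA(sysdir, sizeof sysdir);
    if (len == 0 || len >= sizeof sysdir) return NULL;
    if (build_module_path(sysdir, name, full, sizeof full) != 0) return NULL;
    return LoadLibraryA(full);   /* full path: no search-order lookup */
}
#endif
```

The path-building logic is portable; only `load_system_module` needs a Windows build.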