Remote Binary Planting
Variants:
Direct
Also Known As:
DLL Search Order Hijacking, Windows Insecure Library Loading
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Windows
Target Type:
Application
Affected Mechanisms:
Secure Design, Hardening
Invented In:
26/10/1999
Added In:
11/01/2015
Vector Operation Method:
Abuse the process by which Windows locates the appropriate DLL to use for various file types, so that it loads a fake DLL with an identical name residing in the directory where the application is interacting with significant files. Can be executed locally by sending multiple files, remotely via shares, or in conjunction with malicious file upload, in which multiple uploads stored in the same directory are parsed by a mechanism that relies on a DLL.
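
A defender-side check for the share and file-upload variants described above, added here as an example and not part of the original entry: it walks a storage root and flags every directory where a `.dll` file that is a genuine PE image sits beside ordinary data files. The function names, directory layout and file names are assumptions, and the sample tree is constructed.

```python
import os
import tempfile

PE_MAGIC = b"MZ"  # first two bytes of every Windows PE image (EXE or DLL)

def is_pe_image(path):
    """True when the file starts with the DOS/PE 'MZ' signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False

def find_planted_libraries(root):
    """Return {directory: [dll names]} for directories under root that hold
    a loadable library next to ordinary data files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        # Extension match is case-insensitive, as on Windows file systems.
        dlls = sorted(f for f in files
                      if f.lower().endswith(".dll")
                      and is_pe_image(os.path.join(dirpath, f)))
        data = [f for f in files if not f.lower().endswith((".dll", ".exe"))]
        if dlls and data:
            findings[os.path.relpath(dirpath, root)] = dlls
    return findings

def build_sample_tree():
    """Constructed sample: one clean upload folder, one with a library in it."""
    root = tempfile.mkdtemp(prefix="uploads_")
    layout = {
        "clean/report.docx": b"PK\x03\x04 constructed document",
        "clean/notes.dll": b"plain text renamed to .dll",  # not a PE image
        "batch7/invoice.docx": b"PK\x03\x04 constructed document",
        "batch7/Example.DLL": b"MZ\x90\x00 constructed PE stub",
    }
    for rel, content in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    for folder, dlls in find_planted_libraries(build_sample_tree()).items():
        print(f"{folder}: library stored beside data files -> {dlls}")
```

Run it against upload or share storage on a schedule, or before files are handed to a parser; a hit means the directory should be quarantined rather than opened in place.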