Windows loads a different library or launches a different executable than was intended by the author of an InstallAnywhere setup launcher executable
Summary
Several issues can, under very specific conditions, cause Windows to load a different library or launch a different executable than was intended by the author of a setup launcher executable.
Synopsis
Several issues can, under very specific conditions, cause Windows to load a different library or launch a different executable than was intended by the author of a setup launcher executable.
Referencing a library by less than its full path. Example: requesting to load the library,
schannel.dll
instead of,
C:\Windows\System32\schannel.dll
This can cause a DLL Preloading issue. If there is a library with that name earlier in the search path than the intended library, the unintended library will be loaded.
Referencing an executable by less than its full path. Example: requesting to launch the executable,
wmplayer.exe
instead of,
"C:\Program Files\Windows Media Player\wmplayer.exe"
This can cause a Binary Planting issue. If there is an executable with the name wmplayer.exe earlier in the search path than the intended executable, the unintended executable will be launched.
Referencing an executable by its full path, but not quoting that full path when it contains space characters. Example: requesting to launch the executable,
C:\Program Files\Windows Media Player\wmplayer.exe
instead of,
"C:\Program Files\Windows Media Player\wmplayer.exe"
This can cause an Unquoted Path issue. If there is an executable with one of the following names (in quotes), that unintended executable will be launched instead of the intended executable. The other parts of the path will be mistaken as parameters:
"C:\Program.exe" Files\Windows Media Player\wmplayer.exe
"C:\Program Files\Windows.exe" Media Player\wmplayer.exe
"C:\Program Files\Windows Media.exe" Player\wmplayer.exe
This is usually called an Unquoted Service Path issue. A programmer can forget to put quotes around the path when launching any executable in any context, but this happens most often when a setup author configures a service to be started by Windows and forgets to quote the service's path.
Naming an executable setup.exe
Discussion
For a computer to be affected by these issues, an unauthorized person must (a) be able to place a library or executable on the computer, (b) choose the correct name of the library or executable, and (c) in some cases precisely time the placement.
If the unauthorized person's access allows them to launch an executable with the privileges necessary for that executable to have its intended effect, they would simply launch that executable directly instead of using these methods to launch their library or executable indirectly.
InstallAnywhere Hotfix IOJ-1756928
This issue has been published as CVE-2016-4560.
Setup authors can avoid the DLL Preloading issue by (a) not creating setup launcher executables, or (b) by creating setup launcher executables built with InstallAnywhere Hotfix IOJ-1756928 and not using the name setup.exe for those executables. Setup launcher executables built using this hotfix call new Windows APIs which restrict the search path used to find libraries, even dependent libraries.
Setup authors can avoid the Binary Planting issue (a) by not creating setup launcher executables, or (b) by referencing the full path of each executable launched by a setup launcher executable.
Setup authors can avoid the Unquoted Service Path issue by quoting the full path of each executable which is registered as a service by a setup launcher executable.
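One way to check launch commands and service image paths for the Binary Planting and Unquoted Path conditions described above, as an added example that is not part of the original article or of InstallAnywhere. The function names and the sample service entries are constructed for illustration, and locating the end of the executable at the first ".exe" is a heuristic.

```python
import ntpath
import re

# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or the end of the string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def audit_command(cmd):
    """Classify one command line or service image path.

    Returns (finding, candidates). finding is 'ok', 'binary-planting' or
    'unquoted-path'; candidates lists, in order, the unintended names
    Windows would try before the intended executable.
    Environment variables are assumed to be expanded already.
    """
    cmd = cmd.strip()
    quoted = cmd.startswith('"')
    if quoted:
        exe = cmd[1:].split('"', 1)[0]
    else:
        m = _EXE_END.search(cmd)
        # No ".exe" found: fall back to the first space-delimited token.
        exe = cmd[:m.end()] if m else cmd.split(" ", 1)[0]
    if not ntpath.isabs(exe):
        return "binary-planting", []   # resolved through the search path
    if quoted or " " not in exe:
        return "ok", []
    # Every space is a point where the string can be cut and ".exe" appended.
    cuts = [i for i, ch in enumerate(exe) if ch == " "]
    return "unquoted-path", [exe[:i] + ".exe" for i in cuts]

def audit_services(services):
    """Return {name: (finding, candidates)} for entries that are not 'ok'."""
    findings = {}
    for name, image_path in services.items():
        result = audit_command(image_path)
        if result[0] != "ok":
            findings[name] = result
    return findings

# Constructed sample input (service name -> image path), not from a real system.
SAMPLE = {
    "MediaSvc": r"C:\Program Files\Windows Media Player\wmplayer.exe /service",
    "QuotedSvc": r'"C:\Program Files\Windows Media Player\wmplayer.exe" /service',
    "BareSvc": "wmplayer.exe",
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, (finding, candidates) in audit_services(SAMPLE).items():
        print(name, finding, candidates)
```

Entries reported as unquoted-path are fixed by quoting the full path, and entries reported as binary-planting by referencing the executable by its full path.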
InstallAnywhere Hotfix IOJ-1756928 may be downloaded from the following links:
Hotfix Installer for Windows
Hotfix Installer for Linux (32-bit)
Hotfix Installer for Linux (64-bit)
Hotfix Installer for Mac OS X
Hotfix Installer for Solaris Sparc