DLL hijacking vulnerability issue in Installshiled 2015 SP2
We are using Installshiled 2015 Professional Edition with service pack 2 for packaging our products. Recently we noticed DLL hijacking vulnerability in our setup file in win7 sp1 32 System.
Environment: System win7 sp1 32
Scenario: Malicious ntmarta.dll and our product_setup.exe are placed in the same directory. double-click to run installer. Triggering DLL Hijacking vulnerability and executing malicious DLL, and getting pop up "dll hijack!" dialog box
- Is there any specific Hot fix for the issue? I have tried this hot fix “InstallShield 2015 SP2 Hotfix IOJ-1829226 may be downloaded here” from this link. It doesn’t help us.
- Is this issue addressed in newer version? If yes, from which version onwards?
Please provide your suggestions on this. Thanks.
Hi @boopathi ,
Yes, you are correct. InstallShield 2015 SP2 Hotfix IOJ-1829226 for DLL hijacking vulnerability with Installshield 2015 SP2 built setups. This hotfix is built on top of Microsoft hotfix for the DLL hijacking vulnerability.
Inorder to work this hotfix effectively in older version of windows, required to install the microsoft hotfix. So, please check whether your machine is up to date with the latest hot fix available.
You can find more information on the Microsoft hotfix below: