- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- DLL hijacking vulnerability issue in Installshiled 2015 SP2
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
DLL hijacking vulnerability issue in Installshiled 2015 SP2
Hi,
We are using Installshiled 2015 Professional Edition with service pack 2 for packaging our products. Recently we noticed DLL hijacking vulnerability in our setup file in win7 sp1 32 System.
Environment: System win7 sp1 32
Scenario: Malicious ntmarta.dll and our product_setup.exe are placed in the same directory. double-click to run installer. Triggering DLL Hijacking vulnerability and executing malicious DLL, and getting pop up "dll hijack!" dialog box
Questions:
- Is there any specific Hot fix for the issue? I have tried this hot fix “InstallShield 2015 SP2 Hotfix IOJ-1829226 may be downloaded here” from this link. It doesn’t help us.
- Is this issue addressed in newer version? If yes, from which version onwards?
Please provide your suggestions on this. Thanks.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @boopathi ,
Yes, you are correct. InstallShield 2015 SP2 Hotfix IOJ-1829226 for DLL hijacking vulnerability with Installshield 2015 SP2 built setups. This hotfix is built on top of Microsoft hotfix for the DLL hijacking vulnerability.
Inorder to work this hotfix effectively in older version of windows, required to install the microsoft hotfix. So, please check whether your machine is up to date with the latest hot fix available.
You can find more information on the Microsoft hotfix below: