Maybe you could carefully read those documentation and review ICS code to
see if it needs some improvement. If improvment is needed, then propose some
changes. Don't forget the gold rule: change in ICS must not break any
existing code.
--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be
----- Original Message -----
From: "Zvone" <pha...@gmail.com>
To: "ICS support mailing" <twsocket@elists.org>
Sent: Saturday, September 04, 2010 1:45 AM
Subject: [twsocket] New DLL hijacking vulnerability KB 2269637
It appears that this new vulnerability requires programs to adopt
secure DLL loading. As Microsoft says they can't fix the issue by
patching Windows as it would mess up a lot of programs so it is up to
programmers to fix it in their own programs.
This applies to all programs that load external libraries (DLL files)
one way or another - so it applies to ICS as well as it loads
SSLEAY32.DLL and other DLL's
The solution is to load DLL files in a secure manner as described here:
Dynamic-Link Library Security - how to load libraries securely:
http://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx
More info about this vulnerability:
Microsoft Security Advisory (2269637):
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://www.f-secure.com/weblog/archives/00002018.html
Google search on this issue:
http://www.google.com/search?q=KB+2269637
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
