I’ve come up with two common-sense ideas for avoiding DLL Hijack attacks. Nothing high-tech or fancy. No Registry changes that may break other apps. J
[See the full post at: Avoiding DLL Hijacks]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Avoiding DLL Hijacks
Home » Forums » Newsletter and Homepage topics » Avoiding DLL Hijacks
- This topic has 6 replies, 3 voices, and was last updated 14 years, 8 months ago.
Tags: DLL hijacking
AuthorTopicViewing 5 reply threadsAuthorReplies-
Randall
GuestAugust 29, 2010 at 1:41 am #57859Woody,
Great tips that everyone can easily do! Thanks for posting this.
Your article also mentions that corporates have their firewall set to avoid most WebDAV and SMB problems. I’m not clear whether home users are likely to run into WebDAV and SMB.
Should we be using the non-registry changes suggested by Microsoft (to disable the WebClient service and block ports 139 and 445?
Or is this WebDav and SMB stuff unlikely to apply to a home user?
Thanks again for your good advice
Randall -
woody
Manager -
rc primak
GuestAugust 29, 2010 at 12:40 pm #57861I sometimes download Zipped Folders for running non-installed applications on my computers. Does the mere act of Extracting All from a Zipped Folder risk running a rogue DLL? Or can I Extract All, then identify the pest and zap it before it can do any harm?
Of course, if I EVER find an infected file in a Zipped archive being offered as a non-installed Application, I would be inclined to stop doing business with the offending web site or author.
-
woody
ManagerAugust 30, 2010 at 5:45 pm #57862@RC –
Unzipping won’t do it, except in a weird way. I see that IZARC is listed as a program susceptible to DLL Hijacking, with the automatically called program ztv7z.dll. (See http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ )
This gets complicated, but if you have IZARC set up as your default ZIP handler, and you have a ZIP file sitting in the same folder as a jiggered ztv7z.dll file, when you double-click on the ZIP file, your machine runs the bogus ztv7z.dll program.
So in that (rare) instance, yes, unzipping a file can run a bad program.
-
rc primak
GuestAugust 30, 2010 at 11:31 pm #57863I find on the list (which is hardly complete) most troubling the listing for NVidia Drivers. That could lead to a hardware or firmware infection. Very troubling.
Also, Avast is probably not the only security product which has a vulnerability, but I don’t like seeing it there either.
Notably, VLC Player has recently been patched to eliminate this vulnerability. Good on VideoLAN for that one!
-
EP
AskWoody_MVPSeptember 25, 2010 at 6:53 am #57864Microsoft has released the KB2264107 patches that may deal with the DLL Hijacking problem:
http://support.microsoft.com/kb/2264107the 2264107 updates will be published at the Windows Update site on Tuesday Sept. 28.
Viewing 5 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
What is wrong with simple approach? (Awaiting moderation)
by
WSSpoke36
35 minutes ago -
Frustrating search behavior with Outlook
by
MrJimPhelps
3 hours, 57 minutes ago -
June 2025 Office non-Security Updates
by
PKCano
7 hours, 10 minutes ago -
Secure Boot Update Fails after KB5058405 Installed
by
SteveIT
2 hours, 31 minutes ago -
Firefox Red Panda Fun Stuff
by
Lars220
7 hours, 6 minutes ago -
How start headers and page numbers on page 3?
by
Davidhs
17 hours, 30 minutes ago -
Attack on LexisNexis Risk Solutions exposes data on 300k +
by
Nibbled To Death By Ducks
12 hours, 5 minutes ago -
Windows 11 Insider Preview build 26200.5622 released to DEV
by
joep517
1 day, 2 hours ago -
Windows 11 Insider Preview build 26120.4230 (24H2) released to BETA
by
joep517
1 day, 2 hours ago -
MS Excel 2019 Now Prompts to Back Up With OneDrive
by
lmacri
15 hours, 54 minutes ago -
Firefox 139
by
Charlie
8 hours, 29 minutes ago -
Who knows what?
by
Will Fastie
3 hours, 1 minute ago -
My top ten underappreciated features in Office
by
Peter Deegan
1 day, 2 hours ago -
WAU Manager — It’s your computer, you are in charge!
by
Deanna McElveen
21 hours, 20 minutes ago -
Misbehaving devices
by
Susan Bradley
2 hours, 4 minutes ago -
.NET 8.0 Desktop Runtime (v8.0.16) – Windows x86 Installer
by
WSmeyerbos
2 days, 8 hours ago -
Neowin poll : What do you plan to do on Windows 10 EOS
by
Alex5723
6 hours, 13 minutes ago -
May 31, 2025—KB5062170 (OS Builds 22621.5415 and 22631.5415 Out-of-band
by
Alex5723
2 days, 7 hours ago -
Discover the Best AI Tools for Everything
by
Alex5723
1 day, 6 hours ago -
Edge Seems To Be Gaining Weight
by
bbearren
1 day, 21 hours ago -
Rufus is available from the MSFT Store
by
PL1
2 days, 5 hours ago -
Microsoft : Ending USB-C® Port Confusion
by
Alex5723
3 days, 8 hours ago -
KB5061768 update for Intel vPro processor
by
drmark
1 day, 8 hours ago -
Outlook 365 classic has exhausted all shared resources
by
drmark
1 day, 7 hours ago -
My Simple Word 2010 Macro Is Not Working
by
mbennett555
3 days, 4 hours ago -
Office gets current release
by
Susan Bradley
3 days, 7 hours ago -
FBI: Still Using One of These Old Routers? It’s Vulnerable to Hackers
by
Alex5723
4 days, 21 hours ago -
Windows AI Local Only no NPU required!
by
RetiredGeek
4 days, 5 hours ago -
Stop the OneDrive defaults
by
CWBillow
4 days, 21 hours ago -
Windows 11 Insider Preview build 27868 released to Canary
by
joep517
5 days, 7 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.