News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Born, BleepingComputer: Malwarebytes fixes AdwCleaner, removing a DLL hijacking vulnerability

    Posted on December 20th, 2019 at 08:42 woody Comment on the AskWoody Lounge

    Günter Born is at it again. This time he found a DLL hijacking vulnerability in Malwarebytes’ AdwCleaner 8.

    If Windows shows unwanted programs or displaying unwanted ads after installing software possible adware has been involved. In order to clean the system of this unwanted programs, the tool Malwarebytes AdwCleaner may be used (its free for private use)…

    When AdwCleaner runs with administrative permissions, the code from the loaded DLL files is also executed as a process with administrative permissions. Normally this works well, because Windows does not find the DLL files in the folder of the program and then searches in the Windows folders. But if a malware knows that a tool has a DLL hijacking vulnerability for certain DLLs, it only needs to store a file with the same name in the folder containing the application.

    Born notified Malwarebytes on Dec. 10 and they sent him a beta copy of a new version. That version also had a major DLL hijacking problem. Ultimately, Malwarebytes released a smarter version 8.0.1 without the security hole on Wednesday.

    There’s a detailed explanation of the vulnerability and its resolution in this Lawrence Abrams post on BleepingComputer.