 Sunday, April 26, 2020 in Security  1 Comment |  | The Nirsoft tools are probably known to many Windows users. What is less known: The tools come along with nasty DLL hijacking vulnerabilities and should rather be avoided.
The topic has been bogged down here for quite some time and I have put it off again and again. Because on the one hand the Nirsoft tools promise support for various Windows problems. And on the other hand I don`t have to bother the developer without need. On the other hand, there are serious DLL hijacking vulnerabilities in the tools, and the developer doesn`t care. So every user should know what he is getting into.
What are the Nirsoft tools?
The Nirsoft tools are a collection of helpful Windows programs for various tasks, which are available for free. Behind the tools is the developer Nir Sofer, who describes himself as an experienced developer with extensive knowledge of C++, .NET Framework, Windows API and reverse engineering of undocumented binary formats and encryption algorithms`. The tools are available on the website nirsoft.net. I myself have occasionally used one or the other program from the tool collection. All tools are portable programs and do not need to be installed.
The DLL hijacking vulnerabilities
It was the end of January 2020, when I came across the German article AdvancedRun 1.15 jetzt auch mit Kontextmenü-Eintrag published from the colleagues of deskmodder.de. This is a free tool from Nirsoft, with which you can start other programs with extended rights (administrator, system etc.). Actually a great thing, and since the tools are free of charge, the thought was there to present the whole thing in the blog.
borncity.com | |
|
