NSIS: Nullsoft Scriptable Install System / Bugs / #1135 Need two more DLL preloads in stub WinMain (2.50)

#1135 Need two more DLL preloads in stub WinMain (2.50)

Milestone: 2.0 Series

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2016-02-01

Created: 2016-01-27

Creator: Stephen Wassell

Private: No

Version 2.50 has LoadSystemLibrary calls in the stub WinMain function (Source/exehead/Main.c:109), preloading some DLLs to avoid the DLL search path vulnerability. However there are two more that need to be preloaded to avoid the issue on unpatched Win7sp1. Adding the following lines before LoadSystemLibrary("UXTHEME") fixes it in our testing:

LoadSystemLibrary("PROFAPI");
LoadSystemLibrary("DWMAPI");

Discussion

Anders - 2016-02-01

How did you find this issue? Did you use fake dlls? RequestExecutionLevel admin or user? I'm unable to reproduce the issue with profapi.dll.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Need two more DLL preloads in stub WinMain (2.50)

Windows installer development tool

Group

Searches

Help

#1135 Need two more DLL preloads in stub WinMain (2.50)

Discussion