What is the general term for an attack where an application loads a malicious library by abusing the library search order, enabling code execution?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

What is the general term for an attack where an application loads a malicious library by abusing the library search order, enabling code execution?

Explanation:
Answer: DLL hijacking (also called DLL search-order hijacking or DLL preloading).

DLL hijacking occurs when an application loads a dynamic-link library by bare name (for example a LoadLibrary call on "helper.dll") instead of by full path. Windows then walks a fixed sequence of directories looking for a file of that name. With SafeDllSearchMode enabled (the default since Windows XP SP2) the order is: the application's own directory, the system directories (System32, the 16-bit System directory, the Windows directory), the current working directory, and then each directory on PATH. With SafeDllSearchMode disabled, the current working directory moves up to second place, right after the application directory. If an attacker can write a DLL of the expected name into a directory that is searched before the one holding the legitimate copy, or into any searched directory when the requested DLL does not exist at all (a "phantom" DLL), the application loads the attacker's file and runs its DllMain with the application's privileges. When the application runs as SYSTEM or an administrator (a service, a scheduled task, an installer) and one of those directories is writable by a standard user, this becomes a privilege-escalation and persistence vector rather than just code execution as the current user. Note that libraries on the KnownDLLs list are always taken from System32 and cannot be hijacked this way.

This is distinct from other concepts: a buffer overflow corrupts memory to seize control flow, cross-site scripting injects script into web pages viewed by other users, and SQL injection manipulates database queries. Here the flaw is loading the wrong library because of search-path behaviour, not memory corruption or input injection.

Defenses include: loading libraries by full path; calling LoadLibraryEx with the LOAD_LIBRARY_SEARCH_SYSTEM32 or LOAD_LIBRARY_SEARCH_APPLICATION_DIR flags, or calling SetDefaultDllDirectories, so the loader never consults the current working directory or PATH; keeping SafeDllSearchMode enabled (the SafeDllSearchMode value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager must not be set to 0); making sure the application directory and every directory on the search path is not writable by standard users (check with icacls); and signing libraries and requiring signatures on load (LOAD_LIBRARY_REQUIRE_SIGNED_TARGET) so only trusted code is loaded. To find candidates on a running system, filter Process Monitor for CreateFile operations on *.dll paths that return NAME NOT FOUND: each one is a directory the application tried first and an attacker may be able to write to.

