[Full-disclosure] KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
YGN Ethical Hacker Group
lists at yehg.net
Tue Aug 31 20:28:47 BST 2010
The KeePass application is vulnerable to Insecure DLL Hijacking
Vulnerability. Similar terms that describe this vulnerability
have been come up with Remote Binary Planting, and Insecure DLL
2. PRODUCT DESCRIPTION
KeePass Password Safe is a free, open source, light-weight and
easy-to-use password manager for Windows. You can store your passwords
in a highly-encrypted database, which is locked with one master
password or key file.
3. VULNERABILITY DESCRIPTION
The KeePass application passes an insufficiently qualified path in
loading an external library, "dwmapi.dll"
when a user opens its associated file with extensions - "kdbx".
4. VERSIONS AFFECTED
2.12 and lower version family of 2.x
Tested Platform: Windows XP Service Pack 3 (Fresh Windows)
Attackers can trigger a successful exploit against a victim user in a
number of ways such as placing a malicious external
library file made as hidden attribute and a seemingly interesting file
in network shares, usb drives, file sharing networks,
social networks, ..etc
Fix version (i.e 2.13) has not been released yet but the latest patch
is available at:
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
08-29-2010: vulnerability discovered
08-29-2010: notified vendor
08-29-2010: patch released
09-01-2010: vulnerability disclosed
Original Advisory URL:
Workaround Solution: http://support.microsoft.com/kb/2264107
Unofficial DLL Hijacking List:
Full-Disclosure is hosted and sponsored by Secunia.