Out of curiosity, does anyone understand why it was a good idea in the first place to have icons pointing to a DLL instead of having a static icon name or icon id?
Well, the reason for having it was for Control Panel items. In such cases, you'd want the icon in sync with the Control Panel item's. Windows, in general, likes to keep its icons in one place and then reference them from somewhere.
Windows has a bug which was likely a design decision made in Windows 95 development (maybe earlier, Windows 3.1 had CPL applets also). Security wasn't taken as seriously in that era.
While evidently their bug fix was a little hacky, I guess re-designing how Control Panel applet icons are rendered was considered too big of a change for what was essentially a security patch.
Hopefully they kill classic Control Panel completely at some stage in the next few years. Windows 8, 8.1, and now 10 are going down that road but there are a lot of legacy Control Panel applets by third parties which they have to deal with somehow.
I am assuming that the code being run is the DllMain which is normally called during LoadLibrary. The proper fix would have been to just map the DLL into memory without running DllMain, since that is not necessary to read the icons.
Its still so surprising to me that human error is still occurring in security. Surely, companies/organisations should provide training to stop them form being insecure.
[+] [-] cm2187|11 years ago|reply
[+] [-] TazeTSchnitzel|11 years ago|reply
[+] [-] orkj|11 years ago|reply
"All we need to do is attach this usb stick and we can download all the files from their computer"
Well, almost, at least.
[+] [-] upofadown|11 years ago|reply
I have no words...
[+] [-] UnoriginalGuy|11 years ago|reply
While evidently their bug fix was a little hacky, I guess re-designing how Control Panel applet icons are rendered was considered too big of a change for what was essentially a security patch.
Hopefully they kill classic Control Panel completely at some stage in the next few years. Windows 8, 8.1, and now 10 are going down that road but there are a lot of legacy Control Panel applets by third parties which they have to deal with somehow.
[+] [-] ubercow13|11 years ago|reply
[+] [-] _nullandnull_|11 years ago|reply
[+] [-] gpvos|11 years ago|reply
[+] [-] SirHobo|11 years ago|reply
[+] [-] cm2187|11 years ago|reply