Professional UI Solutions
Security vulnerability in prof-uis
Adrian M Sep 28, 2010 - 2:27 PM

I came across this page http://www.securityfocus.com/bid/43468/references that shows a security vulnerability in prof-uis. Do you have a patch for it?

Thanks,

Adrian

Technical Support Sep 30, 2010 - 7:25 AM

Thank you for reporting the issue. Here is the exact description of all dynamic DLL loading cases inside the Prof-UIS library.

1) UxTheme.dll module is loaded in the CExtUxTheme class constructor. It’s loaded only once during the g_PaintManager global smart pointer variable construction. It’s safe.

2) dwmapi.dll module is loaded in the CExtDWM class constructor. It’s loaded only once during the g_PaintManager global smart pointer variable construction. It’s safe.

3) msimg32.dll module is also loaded only once during the g_PaintManager global smart pointer variable construction. It’s safe.

4) The CExtResourceManager::RscInstEntry::RscInstEntry() method loads resource DLLs for the custom non-MFC resource searching algorithm implemented inside the Prof-UIS resource manager. Prof-UIS does not load any additional resource DLLs. This API is for use in Prof-UIS based applications. The caller of this method should take care to specify the full DLL path to avoid DLL hijacking.

5) A debug version of the CExtResPP::PreProcessPageTemplate() method loads COMCTL32.DLL. This is not a safe case. This is old diagnostic code present in a debug build only. We removed it. So, this is FIXED.

6) The CExtPaintManager::stat_DllGetVersion() static method computes a version of a DLL file and uses LoadLibrary() Win32 API. This method is invoked in several places (mostly for computing the version of COMCTL32.DLL) and it’s not safe. We removed its invocations in all unsafe places. Now it’s invoked only once during global object initialization and it caches the version of COMCTL32.DLL module. So, this is FIXED.

7) The SHLWAPI.DLL module is loaded in the CExtShellBase::stat_SHAutoComplete() static method during path auto-completion. This is used inside the editor control of the Prof-UIS file dialog. This case is not safe. We fixed it. The SHLWAPI.DLL module is now loaded during global object construction. So, this is FIXED.


Please drop us an e-mail to the support mail box at this web site so we can provide you with the source code update download information.
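Item 4 above leaves full-path specification to the calling application. The following is an added example, not Prof-UIS code and not part of the original reply, of a check an application could run before handing a resource DLL path to a loader. The function names, the sample paths, the refusal of UNC paths and the resource-only assumption are this example's own.

```cpp
// Added example, not Prof-UIS code. Function names are hypothetical.
#include <cctype>
#include <cstdio>
#include <cstring>
#ifdef _WIN32
#include <windows.h>
#endif

static bool is_sep(char c) { return c == '\\' || c == '/'; }

// True only for a drive-absolute file path such as C:\app\lang\res_de.dll,
// which leaves nothing for the DLL search order to resolve. Rejected: bare
// names, relative paths, drive-relative "C:res.dll" and root-relative
// "\app\res.dll" (both depend on the current drive or directory), and UNC
// paths (policy choice of this example: no loading from network shares).
bool is_fully_qualified_dll_path(const char *p) {
    if (p == nullptr) return false;
    size_t n = std::strlen(p);
    if (n < 4) return false;                     // shortest form: "C:\x"
    if (!std::isalpha((unsigned char)p[0]) || p[1] != ':' || !is_sep(p[2]))
        return false;
    if (is_sep(p[n - 1])) return false;          // names a directory, not a file
    return true;
}

#ifdef _WIN32
// Load a resource DLL only from a caller-supplied full path.
// Assumption: the DLL is resource-only, so it is mapped as data and none of
// its code (DllMain) runs; drop the flags if the module must execute.
HMODULE load_resource_dll_checked(const char *path) {
    if (!is_fully_qualified_dll_path(path)) {
        SetLastError(ERROR_BAD_PATHNAME);
        return NULL;
    }
    return LoadLibraryExA(path, NULL,
        LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE);
}
#endif

int main() {
    // Constructed sample paths, not taken from any real installation.
    const char *samples[] = { "C:\\app\\lang\\res_de.dll", "res_de.dll",
                              "C:res_de.dll", "\\\\server\\share\\res_de.dll" };
    for (const char *s : samples)
        std::printf("%-32s %s\n", s,
                    is_fully_qualified_dll_path(s) ? "accept" : "reject");
    return 0;
}
```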

Adrian M Sep 28, 2010 - 2:28 PM

Replying just to get notified when there is a response.