HITB Preview: Create a Binary Planting Application Without Writing a Single Line of Code

As the Hack In The Box conference in Kuala Lumpur is just around the corner, we'd like to announce a couple of previously undisclosed candies the attendees of our Remote Binary Planting – An Overlooked Vulnerability Affair session will receive.

As you may know, this binary planting bug in Apple iTunes is famous for triggering the whole DLL hijacking / binary planting / DLL preloading explosion that's been echoing around the Net for over a month now. We released the above advisory when Apple fixed the binary planting bug that allowed a remote attacker to get her malicious QUSEREX.DLL executed on users' computers. The vulnerable executable was AppleMobileDeviceHelper.exe (along with a number of others that also tried to load this DLL). Interestingly, iTunes.exe was already protected with a SetDllDirectory call, possibly as a result of the famous Safari-IE blended threat issue in 2008, where Safari and IE unwittingly colluded against users to execute malicious code on their computers.L33tdawg: There's still 48 hours to register online for the 8th annual HITBSecConf in Malaysia. Walk in registrations are accepted thereafter. Further details on Mitja Kolsek's Remote Binary Planting - An Overlooked Vulnerability Affair