DLL hijacking vulnerabilities in Nirsoft tools

  • Thread starter ForgottenSeer 85179
  • Start date

scorpionv

Level 2
Apr 20, 2020
87
Using NirSoft tools in the home environment is safe (except maybe in the Downloads folder).
DLL hijacking is simply one of the secondary chains of the infection (but not the first).
Auto-run malware is rare nowadays, because of Windows settings introduced in Windows Vista SP2. There were dangerous autorun attacks based on icon shortcut exploits, but they were patched by Microsoft a few years ago. So, the infections via flash drives must assume that the user must manually run something. The DLL hijacking method is used mostly to hide the source of infection. The average user can be infected in a simpler way without DLL hijacking.

Thanks for the perspective, I was wondering how serious this threat is. Nirsoft has some helpful utilities, I like to keep these in my toolbox.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
This Nirsoft tools vulnerability is not important for home users, at all. The DLL hijacking is mostly used to hide the source of infection, so the user has to use the already infected device or has to be already infected. It is much simpler to infect someone without using DLL hijacking. If one is worried about it, then he/she should mitigate in the first place more popular and effective methods, like all possible autostart registry entries (one hundred or more ). (y)
Also, removing this vulnerability from NirSoft tools does not improve much the security, because the attackers usually do not use these tools for DLL hijacking, but Microsoft binaries.
It can be relevant for people who rely on anti-exe solutions.

If one is still worried, then he/she can simply check the Downloads folder for DLLs and remove them from there. This should be done not because of NirSoft tools, but because of other more popular application installers and portable applications.

Maybe the developer should avoid this vulnerability, but it would be too much to demand it for free tools. He probably thinks that this vulnerability is not important for non-security tools. It would be better if the developer explained it on the NirSoft website.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top