drive-by downloads to conduct the well-known and
CAPEC-471: Search Order Hijacking
listed in the
against the well-known and well-documented weaknesses
CWE-426: Untrusted Search Path
CWE-427: Uncontrolled Search Path Element
listed in the
present in almost all executable installers,
self-extracting executable archives
portable applications built for
Windows®, despite the instructions
given in the
Dynamic-Link Library Security
Dynamic-Link Library Search Order,
the Security Advisory
If you miss anything here, have additions, comments, corrections,
criticism or questions, want to give feedback, hints or tipps,
report broken links, bugs, deficiencies, errors, inaccuracies,
misrepresentations, omissions, shortcomings, vulnerabilities or
weaknesses, …: don’t hesitate to
and feel free to ask, comment, criticise, flame, notify or report!
Note: email in weird format and without a proper
sender name is likely to be discarded!
even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your
I abhor top posts and expect inline quotes in replies.
Terms and Conditions
By using this site, you signify your agreement to these terms and
conditions. If you do not agree to these terms and conditions, do
not use this site!
- The software and the documentation on this site are provided
as is without any warranty, neither express nor
In no event will the author be held liable for any damage(s)
arising from the use of the software or the documentation.
- Permission is granted to use the current version
of the software and the current version of the
documentation solely for personal private and non-commercial
An individuals use of the software or the documentation in his or
her capacity or function as an agent, (independent) contractor,
employee, member or officer of a business, corporation or
organisation (commercial or non-commercial) does not qualify as
personal private and non-commercial purpose.
- Without written approval from the author the software or the
documentation must not be used for a business, for
commercial, corporate, governmental, military or organisational
purposes of any kind, or in a commercial, corporate, governmental,
military or organisational environment of any kind.
- Redistribution of the software and the documentation is allowed
only in unmodified form of its current version and
free of charge.
Data Protection Declaration
This web page records no (personal) data and stores no
cookies in the web browser.
The web service is operated and provided by
Telekom Deutschland GmbH
+49 800 5252033
The web service provider stores a
session cookie in the web
browser and records every visit of this web site with the
following data in an access log on their server(s):
- the (pseudonymised)
- the date and time of the request;
- the URL of
the requested web page or file;
- the Referer and User-Agent
headers sent by the web browser;
- the result (success or failure) of the request;
- the amount of data received and sent.
Copyright © 1995–2020 • Stefan Kanthak •