Microsoft released Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution.
The note refers to a tool that will help to detect this problem and programming guidelines on Dynamic-Link Library Security.
How do these guidelines translate to .NET development? I assume this only affects Platform Invoke.
Does this remain the recommended way to import system libraries?
[DllImport("user32.dll")]
System DLLs like user32.dll are safe because they’re in the KnownDLLs list in the registry. If you try to load a DLL called "user32", Windows is hard-coded to take the official copy from the system32 directory.
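A way to check which imported DLLs the KnownDLLs list actually covers, and to pin the search path for the rest, as an added example that is not part of the original question or answer. It assumes .NET Framework 4.5 or later for `DefaultDllImportSearchPaths`; `example-vendor.dll` is a constructed name standing in for a non-system library.

```csharp
using System;
using System.Linq;
using System.Runtime.InteropServices;
using Microsoft.Win32;

static class DllLoadingCheck
{
    // Registry list consulted by the Windows loader; each value's data is a DLL file name.
    const string KnownDllsKey =
        @"SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs";

    // Restrict this import to the System32 directory, independent of KnownDLLs.
    [DllImport("user32.dll")]
    [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
    static extern int GetSystemMetrics(int nIndex);

    // SetDllDirectory("") removes the current directory from the default search order.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
    static extern bool SetDllDirectory(string lpPathName);

    // True when fileName appears as value data under the KnownDLLs key.
    static bool IsKnownDll(string fileName)
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KnownDllsKey))
        {
            if (key == null) return false;
            return key.GetValueNames()
                      .Select(name => key.GetValue(name) as string)
                      .Any(data => string.Equals(data, fileName,
                                                 StringComparison.OrdinalIgnoreCase));
        }
    }

    static void Main()
    {
        // Do this before any other P/Invoke call resolves its library.
        SetDllDirectory("");

        // example-vendor.dll is a constructed name for a library outside KnownDLLs.
        foreach (string dll in new[] { "user32.dll", "kernel32.dll", "example-vendor.dll" })
            Console.WriteLine("{0,-20} KnownDLL: {1}", dll, IsKnownDll(dll));

        Console.WriteLine("SM_CXSCREEN = {0}", GetSystemMetrics(0)); // 0 = SM_CXSCREEN
    }
}
```

Any import reported as not in KnownDLLs falls back to the normal search order, so it is the one that needs an explicit search-path restriction or a full path.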