Detections
Analytics

Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting

info Nessus Plugin ID 48763

Language:

Synopsis

CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.

Description

Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings:

 - 0xFFFFFFFF (Removes the current working directory from the default DLL search order)

 - 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)

 - 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)

See Also

http://www.nessus.org/u?0c574c56

http://www.nessus.org/u?5234ef0c

Plugin Details

Severity: Info

ID: 48763

File Name: smb_cwdindllsearchvalue_setting.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 8/26/2010

Updated: 12/20/2019

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated