Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is configured to prevent code execution
attacks.

Description :

The remote host is using one of the protections provided by Microsoft
KB2264107 to mitigate binary planting attacks. The
'CWDIllegalInDllSearch' registry entry has one of the following
settings :

- 0xFFFFFFFF (Removes the current working directory
from the default DLL search order)

- 1 (Blocks a DLL Load from the current working
directory if the current working directory is set
to a WebDAV folder)

- 2 (Blocks a DLL Load from the current working
directory if the current working directory is set
to a remote folder)

See also :

http://technet.microsoft.com/en-us/security/advisory/2269637
http://support.microsoft.com/kb/2264107

Solution :

n/a

Risk factor :

None

Family: Windows

Nessus Plugin ID: 48763 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now