{"id":4621,"date":"2010-08-25T10:52:38","date_gmt":"2010-08-25T08:52:38","guid":{"rendered":"http:\/\/www.corelan.be:8800\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/"},"modified":"2010-08-25T10:52:38","modified_gmt":"2010-08-25T08:52:38","slug":"dll-hijacking-kb-2269637-the-unofficial-list","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/","title":{"rendered":"DLL Hijacking (KB 2269637) - the unofficial list"},"content":{"rendered":"<p><a href=\"\/wp-content\/uploads\/2010\/08\/hijack2.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" style=\"border-right-width: 0px; margin: 0px 30px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px\" title=\"hijack\" border=\"0\" alt=\"hijack\" align=\"right\" src=\"\/wp-content\/uploads\/2010\/08\/hijack_thumb2.jpg\" width=\"97\" height=\"100\" \/><\/a> This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself.<\/p>\n<p>If you have found other applications to be vulnerable and want to add them to the list, send me a mail.<\/p>\n<blockquote>\n<p>Please note that I will not list instances where you have to <span style=\"text-decoration: underline\">replace<\/span> a dll in the application folders.&#160; I do not consider those examples to be valid cases of dll hijacking. (after all, if you have to replace a dll, you might as well replace the executable itself)<\/p>\n<\/blockquote>\n<p>You can use the list below to build a GPO \/ custom adm file \/.reg file, and alter the default dll loading behaviour for those applications, as explained here : <a href=\"https:\/\/web.archive.org\/web\/20150306211829\/http:\/\/support.microsoft.com\/kb\/2264107\">http:\/\/support.microsoft.com\/kb\/2264107<\/a>. I highly recommend looking at that page &amp; implement the workaround (in conjunction with other suggested workarounds, such as disabling Webclient service, blocking outbound smb traffic, blocking propfind method on proxy servers, etc)<\/p>\n<p>In addition to this, if you installed <a href=\"https:\/\/web.archive.org\/web\/20150306211829\/http:\/\/support.microsoft.com\/kb\/2264107\">the workaround<\/a> suggested by Microsoft, you can now use the <a href=\"http:\/\/blogs.technet.com\/b\/srd\/archive\/2010\/08\/31\/an-update-on-the-dll-preloading-remote-attack-vector.aspx\">Microsoft FixIt<\/a> Tool to further refine settings.&#160; You must have installed the <a href=\"https:\/\/web.archive.org\/web\/20150306211829\/http:\/\/support.microsoft.com\/kb\/2264107\">CWDIllegalInDllSearch<\/a> utility prior to using FixIt.<\/p>\n<p>&#160;<\/p>\n<h3>How to audit ?<\/h3>\n<p>If you want to test your own applications, have a look at <a href=\"http:\/\/blog.metasploit.com\/2010\/08\/exploiting-dll-hijacking-flaws.html\" target=\"_blank\" rel=\"noopener\">this<\/a> and <a href=\"http:\/\/blog.metasploit.com\/2010\/08\/better-faster-stronger.html\" target=\"_blank\" rel=\"noopener\">this<\/a> post on the metasploit blog. Make sure to grab the latest version of the audit package here or use svn update on your metasploit installation (and then copy the zip file from the external\/source folder to the windows system you want to audit)<\/p>\n<p><a href=\"http:\/\/www.leonardobotelho.com\/blog\/\" target=\"_blank\" rel=\"noopener\">b0telh0<\/a> made a small video, demonstrating the use of the audit kit, and how it can lead to an exploit : <a href=\"http:\/\/www.vimeo.com\/14442659\">http:\/\/www.vimeo.com\/14442659<\/a><\/p>\n<p>Alternatively, you can use <a href=\"http:\/\/securityxploded.com\/dllhijackauditor.php\" target=\"_blank\" rel=\"noopener\">DllHijackAuditor<\/a>. It was developed to overcome some of the limitations of the DllHijackAuditkit. More info about this tool can be found <a href=\"http:\/\/nagareshwar.securityxploded.com\/2010\/08\/30\/presenting-dllhijackauditor-smart-tool-to-audit-dll-hijack-vulnerability\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.&#160; I highly recommend running this tool on your systems as well.<\/p>\n<p>&#160;<\/p>\n<h3>Potentially vulnerable applications :<\/h3>\n<table border=\"1\" bordercolor=\"#000000\" width=\"100%\" bgcolor=\"#ffffff\">\n<tbody>\n<tr>\n<td><strong><span style=\"text-decoration: underline\"><span style=\"color: #00ff40; font-size: medium\">Application<\/span><\/span><\/strong><\/td>\n<td><strong><span style=\"text-decoration: underline\"><span style=\"color: #00ff40; font-size: medium\">Version<\/span><\/span><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">ADOBE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Captivate (cp, cpt, cprr, cptl, fcz, rd, rdt)            <br \/><\/strong><em>(winpens.dll)<\/em><\/td>\n<td>3<\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Dreamweaver<\/strong><em>            <br \/>(mfc90loc.dll, mfc90ptb.dll(lang-dependent))<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14735\" target=\"_blank\" rel=\"noopener\">CS4<\/a> (&lt;= 10.0 build 4117)           <br \/><a href=\"http:\/\/www.exploit-db.com\/exploits\/14740\" target=\"_blank\" rel=\"noopener\">CS5<\/a> (&lt;= 11.0 build 4909)<\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe ExtendedScript Toolkit            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14785\/\" target=\"_blank\" rel=\"noopener\">CS5 v3.5.0.52<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Extension Manager (mxi,mxp)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14784\/\" target=\"_blank\" rel=\"noopener\">CS5 v5.0.298<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Photoshop<\/strong><em>            <br \/>(wintab32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14741\" target=\"_blank\" rel=\"noopener\">CS2<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Fireworks<\/strong><\/td>\n<td>CS3, CS4 and CS5<\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Device Central<\/strong>           <br \/><em>(qtcf.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14755\" target=\"_blank\" rel=\"noopener\">CS5<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Illustrator (ait, eps)<\/strong>           <br \/><em>(aires.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14773\/\" target=\"_blank\" rel=\"noopener\">CS4 v14.0.0<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe On Location (olproj)            <br \/><\/strong><em>(ibfs32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14772\/\" target=\"_blank\" rel=\"noopener\">CS4 build 315<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Indesign (indl, indp, indt, inx)            <br \/><\/strong><em>(ibfs32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14775\/\" target=\"_blank\" rel=\"noopener\">CS4 v6.0<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Premier (pproj, prfpset, prexport, prm, prmp, prpreset, prproj, prsl, prtl, vpr)            <br \/><\/strong><em>(ibfs32.dll)<\/em><\/td>\n<td>Pro CS4 314<\/td>\n<\/tr>\n<tr>\n<td><strong>Adobe Audition (audition.exe) (cdl, cel, dbl, dwd, pcm, sam, ses, smp, svx, vox)<\/strong>           <br \/><em>(assist.dll, ff_theora.dll, quserex.dll, skl_drv_mpg.dll)<\/em><\/td>\n<td>3.0.7283.0 (Win7 x64)<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; ALLADIN<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Aladdin eToken PKI Client (etc, etcp)            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>5.0.0.65<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; AlTools<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>AlZip (all associated archive file formats)            <br \/><\/strong><em>(mfc90*.dll, propsys.dll)<\/em><\/td>\n<td>&lt;= 8.0.6.3<\/td>\n<\/tr>\n<tr>\n<td><strong>AlSee (ani, bmp, cal, hdp, jpe, mac, pbm, pcx, pgm, png, psd, ras, tga, tiff)<\/strong>           <br \/><em>(patchani.dll)<\/em><\/td>\n<td>&lt;= 6.20.0.1<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">APPLE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Safari<\/strong>           <br \/><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14756\" target=\"_blank\" rel=\"noopener\">&lt;= 5.0.1<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Quicktime Player (mac, pic, pntg, qtif)            <br \/><\/strong><em>(cfnetwork.dll, corefoundation.dll)<\/em><\/td>\n<td>&lt;= 7.64.17.13<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">ARCHICAD<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>ArchiCAD            <br \/><\/strong><em>(srcsrv.dll)<\/em><\/td>\n<td>13.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">AVAST<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Avast! (license file .avastlic)<\/strong><em>            <br \/>(mfc90loc.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14743\" target=\"_blank\" rel=\"noopener\">&lt;= 5.0.594<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">AVISCREEN<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Aviscreen Pro (just a lnk file to the app will do)            <br \/><\/strong><em>(iccvid.dll, ir32_32.dll, yuv_32.dll, msrle32.dll, msvidc32.dll, msyuv.dll, tsbyuv.dll, iacenc.dll, tsbyuv.dll)<\/em><\/td>\n<td>3.1<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; BITMANAGEMENT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>BS Contact VRML\/X3D (bskey, bswrl, bxwrl, j2k, jp2, vrml, wrl, wrz, x3dvz, x3dv, x3dz, x3d)            <br \/><\/strong><em>(d3dref9.dll, siappdll.dll)<\/em><\/td>\n<td>&lt;= 7.218<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">BRAVA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Brava PDF Reader (csf, pdf, sid, tiff, tif, xdl, xps)<\/strong>           <br \/><em>(dwmapi.dll)<\/em><\/td>\n<td>&lt;= 3.3.0.18<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; BREAKPOINT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>HexWorkshop            <br \/><\/strong><em>(pe932d.dll, pe936d.dll, pegrc32d.dll)<\/em><\/td>\n<td>6.0.1.460.3<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; BS.Player<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>BS.player (mp3)<\/strong>           <br \/><em>(mfc71loc.dll, ehtrace.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14739\" target=\"_blank\" rel=\"noopener\">&lt;= 2.56<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">CAMTASIA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Camtasia Studio (cmmp,cmmtpl,camproj,camrec)<\/strong><em>            <br \/>(dwmapi.dll)<\/em><\/td>\n<td>&lt;= 6 build 689<\/td>\n<\/tr>\n<tr>\n<td><strong>Camtasia Studio            <br \/><\/strong><em>(mfc90*.dll)<\/em><\/td>\n<td>7<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">CDISPLAY<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td>CDisplay (cba, cbr, cbt, cbz)          <br \/><em>(trace32.dll)<\/em><\/td>\n<td>1.8.10<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">CELFRAME<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>CelFrame Office Write (doc)<\/strong>           <br \/><em>(java_msci.dll, msci_java.dll)<\/em><\/td>\n<td>Office Suite 2008<\/td>\n<\/tr>\n<tr>\n<td><strong>CelFrame Office Spreadsheet (xls)            <br \/><\/strong><em>(java_msci.dll, msci_java.dll)<\/em><\/td>\n<td>Office Suite 2008<\/td>\n<\/tr>\n<tr>\n<td><strong>CelFrame Office Publisher (sla)<\/strong>           <br \/><em>(wintab32.dll)<\/em><\/td>\n<td>Office Suite 2008<\/td>\n<\/tr>\n<tr>\n<td><strong>CelFrame Office Draw (odg)            <br \/><\/strong>(<em>(java_msci.dll, msci_java.dll)<\/em><\/td>\n<td>Office Suite 2008<\/td>\n<\/tr>\n<tr>\n<td><strong>CelFrame Office Photo Album (plx)            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>Office Suite 2008<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">CISCO<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Cisco Packet Tracer (pkt, pkz)<\/strong>           <br \/><em>(wintab32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14774\/\" target=\"_blank\" rel=\"noopener\">5.2<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">CITRIX<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Citrix ICA Client&#160; (ica)<\/strong>           <br \/>(pncachen.dll, wfapi.dll)<\/td>\n<td>&lt;= v9.0.32649.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">COREL<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Corel Draw (cmx,csl)<\/strong>           <br \/><em>(crlrib.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14786\/\" target=\"_blank\" rel=\"noopener\">&lt;= X3 v13.0.0.576<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Corel PhotoPaint (cpt)            <br \/><\/strong><em>(crlrib.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14787\/\" target=\"_blank\" rel=\"noopener\">&lt;= X3 v13.0.0.576<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">CYBERLINK<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>PowerDirector (iso, pdl, p2g, p2i)            <br \/><\/strong><em>(mfc71*.dll)<\/em><\/td>\n<td><a href=\"http:\/\/extraexploit.blogspot.com\/2010\/08\/dll-hijacking-my-test-cases-on-default.html\">7<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Power2Go DVD (iso, pdl, p2g, p2i)            <br \/><\/strong><em>(mfc71*.dll)<\/em><\/td>\n<td><a href=\"http:\/\/extraexploit.blogspot.com\/2010\/08\/dll-hijacking-my-test-cases-on-default.html\">6<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; DAEMON TOOLS<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>DAEMON Tools Lite (mdf, mds, mdx)            <br \/><\/strong><em>(mfc80loc.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14791\" target=\"_blank\" rel=\"noopener\">4.35.6.0091<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; DVDFAB<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>DVDFab Platinum (dvdfab5, dvdfabplatinum5, dvdfabgold5, dvdfabmobile)<\/strong>           <br \/><em>(quserex.dll)<\/em><\/td>\n<td>5.2.3.2<\/td>\n<\/tr>\n<tr>\n<td><strong>DVDFab (dvdfab6, dvdfab*2*, dbdfabfilemover)            <br \/><\/strong><em>(dwmapi.dll,mfc90*.dll,nvcuda.dll,quserex.dll)<\/em><\/td>\n<td>7.0.4.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">E-PRESS<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>E-Press ONE Office Author (psw)            <br \/><\/strong><em>(java_mcsi.dll, mcsi_java.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>E-Press ONE Office E-NoteTaker (txt)            <br \/><\/strong><em>(mfc71*.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>E-Press ONE Office E-Zip (rar, tar)            <br \/><\/strong><em>(mfc71*.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">GDOC<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>gDoc Fusion (dwfx, jtx, pdf, xps)            <br \/><\/strong><em>(wintab32.dll, ssleay32.dll)<\/em><\/td>\n<td>&lt;= 2.5.1<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; GUIDANCE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Encase (endump)            <br \/><\/strong><em>(rsaenh.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.s3cur1ty.de\/m1adv2010-003\">&lt;= 6.17.0.90<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; ETTERCAP<\/span><\/strong><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14762\" target=\"_blank\" rel=\"noopener\">&lt;= NG 0.7.3<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Ettercap            <br \/><\/strong><em>(wpcap.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">EZBSYSTEMS<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Ultra ISO            <br \/><\/strong><em>(daemon.dll)<\/em><\/td>\n<td>Premium 9.36<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">FORENSIC TOOLKIT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Forensic Toolkit (ftk)<\/strong><\/td>\n<td><a href=\"http:\/\/www.s3cur1ty.de\/m1adv2010-007\">&lt;= v1.8.1.6<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">FOTOBOOK<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Fotobook Editor (dtp)            <br \/><\/strong><em>(fwpuclnt.dll)<\/em><\/td>\n<td>5.0 v2.8.0.1<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">GFI<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>GFI Backup (gbc,gbt)            <br \/><\/strong><em>(armaccess.dll)<\/em><\/td>\n<td>2009 Home Edition<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">GILLES VOLLANT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>WinImage (bzw, dsk, img, imz, iso, vfd, wil, wlz)            <br \/><\/strong><em>(wnaspi32.dll)<\/em><\/td>\n<td>8.0.0.8000 (win7 x64)<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">GOOGLE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Chrome<\/strong><em>            <br \/>(chrome.dll)<\/em><\/td>\n<td>latest<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Earth (kmz)            <br \/><\/strong><em>(quserex.dll)<\/em><\/td>\n<td>&lt;= <a href=\"http:\/\/www.exploit-db.com\/exploits\/14790\/\" target=\"_blank\" rel=\"noopener\">v5.1.3535.3218<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; HTTRACK<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>WinHTTrack Website Copier (whtt)            <br \/><\/strong><em>(mfc71enu.dll, mfc71loc.dll)<\/em><\/td>\n<td>3.43-7<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">IBM<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Lotus Notes client (ndl,ns2,ns3,nsf,nsg,nsh,ntf)            <br \/><\/strong><em>(kernel32.dll)<\/em><\/td>\n<td>5.0.12<\/td>\n<\/tr>\n<tr>\n<td><strong>IBM Rational License Key Administrator (upd)            <br \/><\/strong><em>(ibfs32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.s3cur1ty.de\/m1adv2010-006\">&lt; 7.0.0.0 (fixed in 7.0.0.0)<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Lotus Symphony Office Suite (odm, odt, otp, stc, stw, sxg, sxw)            <br \/><\/strong><em>(eclipse_1114.dll)<\/em><\/td>\n<td>&lt;= 3 beta 4<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">IDM COMPUTER SOLUTIONS<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>UltraEdit (bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, xml)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>&lt;= 16.10.0.1036<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; INKSCAPE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Inkscape (svgz)            <br \/><\/strong><em>(quserex.dll)<\/em><\/td>\n<td>&lt;= 0.48.0 r9654<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">INTERVIDEO<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Intervideo WinDVD            <br \/><\/strong><em>(cpqdvd.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14753\" target=\"_blank\" rel=\"noopener\">5<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; INTUIT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Quickbooks (des,qbo,qpg)            <br \/><\/strong><em>(dbicudtx11.dll, mfc90enu.dll, mfc90loc.dll)<\/em><\/td>\n<td>Pro 2010<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; IZARC<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>IZArc (all archive formats)<\/strong>           <br \/><em>(ztv7z.dll)<\/em><\/td>\n<td>&lt;= 4.1.2<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; JUNIPER \/ NCP<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>NCP Secure Client (pcf, spd, wge, wgx)            <br \/><\/strong><em>(dvccsabase002.dll, conman.dll, kmpapi32.dll)<\/em><\/td>\n<td>&lt;= 9.23.017<\/td>\n<\/tr>\n<tr>\n<td><strong>NCP Secure Entry Client (pcf, spd, wge, wgx)            <br \/><\/strong><em>(conman.dll, dvccsabase002.dll, kmpapi32.dll, ncpmon2.dll)<\/em><\/td>\n<td>&lt;= 9.23.017<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; KEEPASS<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>KeePass Password Safe (kdb)            <br \/><\/strong><em>(bcrypt.dll)<\/em><\/td>\n<td>&lt;= 1.15          <br \/><strong><font color=\"#008000\">(fixed in 1.18)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>KeePass Password Safe (kdbx)            <br \/><\/strong><em>(<em>dwmapi.dll, bcrypt.dll<\/em>)<\/em><\/td>\n<td>&lt;= 2.12          <br \/><strong><font color=\"#008000\">(fixed in 2.13)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; KINETI<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Kineti Count (kcp)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>1.0 beta<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; KINGSOFT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Kingsoft Office Writer (doc, rtf)            <br \/><\/strong><em>(plgpf.dll)<\/em><\/td>\n<td>2010<\/td>\n<\/tr>\n<tr>\n<td><strong>Kingsoft Office Presentation (ppt)            <br \/><\/strong><em>(lpgpf.dll)<\/em><\/td>\n<td>2010<\/td>\n<\/tr>\n<tr>\n<td><strong>Kingsoft Office Spreadsheets (xls)            <br \/><\/strong><em>(plgpf.dll)<\/em><\/td>\n<td>2010<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; MAXTHON<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Maxthon Browser (htm, html, mhtml)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>2.5.15.1000 Unicode<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; MEDIAMONKEY<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Mediamonkey (apl, fla, m4b, mmip, mp+, mpp)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>3.2.0.1294<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; MEDIA PLAYER<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Mediaplayer Classic mpc<\/strong><em> (all formats)            <br \/>(iacenc.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14765\" target=\"_blank\" rel=\"noopener\">&lt;= 1.3.2189.0<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Media Player Classic (3gp, 3gp2, flv, m4b, m4p, m4v, mp4, spl)            <br \/><\/strong><em>(ehtrace.dll, iacenc.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14788\" target=\"_blank\" rel=\"noopener\">&lt;= v6.4.9.x<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">MICROCHIP<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>mplab IDE (mcp,mcw)            <br \/><\/strong><em>(mfc71*.dll)<\/em><\/td>\n<td>8.43<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">MICROSOFT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Powerpoint (odp,pot,potm,pptx,ppt,ppa,pps,ppsm,ppsx,pptm,pwz,sldm,sldx)            <br \/><\/strong><em>(2003 : ophookse4.dll)            <br \/>(pptimpconv.dll, pp7x32.dll,rpawinet.dll) - verified on 32 &amp; 64bit<\/em><\/td>\n<td>2003          <br \/><a href=\"http:\/\/www.exploit-db.com\/exploits\/14782\/\" target=\"_blank\" rel=\"noopener\">2007<\/a>           <br \/><a href=\"http:\/\/www.exploit-db.com\/exploits\/14723\" target=\"_blank\" rel=\"noopener\">2010<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Word (docx)            <br \/><\/strong><em>(rpawinet.dll)<\/em><\/td>\n<td>2007<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Virtual PC<\/strong> <strong>(vmc)<\/strong><em>            <br \/>(midimap.dll)<\/em><\/td>\n<td>2007<\/td>\n<\/tr>\n<tr>\n<td><strong>Ms Visio (vtx - 2003, vss - 2010)            <br \/><\/strong><em>(2003 - mfc71enu.dll, 2010 - dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14744\" target=\"_blank\" rel=\"noopener\">2003<\/a>           <br \/>2010<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Office Groove (wav, p7c)            <br \/><\/strong><em>(mso.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14746\" target=\"_blank\" rel=\"noopener\">2007<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Windows Mail (nws)            <br \/><\/strong><em>(wab32res.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Windows Live Email (eml,rss)            <br \/><\/strong><em>(dwmapi.dll, peerdist.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14728\" target=\"_blank\" rel=\"noopener\">&lt;= 14.0.8089.726<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Movie Maker (flv, icon, mkv, mqv, mswmn, ogg, qt, wlmp)<\/strong>           <br \/><em>(hhctrl.ocx)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14731\" target=\"_blank\" rel=\"noopener\">&lt;= 2.6.4038.0<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Vista Backup Manager (.wbcat)<\/strong>           <br \/><em>(fveapi.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Internet Connection Signup Wizard<\/strong>           <br \/><em>(smmscrpt.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14754\" target=\"_blank\" rel=\"noopener\">latest<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Internet Communication Settings (isp)            <br \/><\/strong><em>(schannel.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14780\/\" target=\"_blank\" rel=\"noopener\">latest<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Group Convertor (grp)            <br \/><\/strong><em>(imm.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14758\/\" target=\"_blank\" rel=\"noopener\">latest<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Clip Organizer (mpf)            <br \/><\/strong><em>(twcgst.dll)<\/em><\/td>\n<td>&lt;= 11.8164.8324 (XP SP3)<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Clip Book Viewer            <br \/><\/strong><em>(mfaphook.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Snapshot viewer (snp)<\/strong>           <br \/><em>(mfc71enu.dll, mfc71loc.dll)<\/em><\/td>\n<td>11<\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Program Group \/ grpconv.exe (grp)<\/strong>           <br \/><em>(imm.dll)<\/em><\/td>\n<td><a href=\"https:\/\/web.archive.org\/web\/20171123101632\/https:\/\/www.exploit-db.com\/exploits\/14770\/\" target=\"_blank\" rel=\"noopener\">latest<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Windows Address Book wab.exe\/Contacts (wab, p7c, contact, group, vcf)            <br \/><\/strong><em>(wab32res.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14745\/\" target=\"_blank\" rel=\"noopener\">XP<\/a>, <a href=\"http:\/\/www.exploit-db.com\/exploits\/14778\/\" target=\"_blank\" rel=\"noopener\">Vista<\/a>           <br \/>silently patched on Win7<\/td>\n<\/tr>\n<tr>\n<td><strong>MS RDP Client (rdp)            <br \/><\/strong><em>(dwmapi.dll - Win7, ieframe.dll - XPSP3)<\/em><\/td>\n<td>v6.1.7600.16385 (Win7)          <br \/>v6.0.6001.18000 (XP SP3)<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Visual Studio devenv.exe (cur, rs, rct, res)            <br \/><\/strong><em>(NULL.dll)<\/em><\/td>\n<td>2008<\/td>\n<\/tr>\n<tr>\n<td><strong>wscript (jse) \/ (js, vbs)            <br \/><\/strong><em>(wshfra.dll) (traceapp.dll)<\/em><\/td>\n<td><a href=\"https:\/\/web.archive.org\/web\/20171123120437\/https:\/\/www.exploit-db.com\/exploits\/14794\/\" target=\"_blank\" rel=\"noopener\">XP version<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>MS Windows Media Encoder (prx)            <br \/><\/strong><em>(wmerrorenu.dll, winietenu.dll, asferrorenu.dll)<\/em><\/td>\n<td>9.00.00.2980<\/td>\n<\/tr>\n<tr>\n<td><strong>MS ATL Trace Tool (atltracetool8.exe) (trc)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>10.0.30319.1<\/td>\n<\/tr>\n<tr>\n<td><strong>MS DirectShow SDK Filter Graph Editor (grf)            <br \/><\/strong><em>(ehtrace.dll, measure.dll)<\/em><\/td>\n<td>10.0.0.0 (Win7 x64)<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Help &amp; Support Center            <br \/><\/strong><em>(wshfra.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>MS Live Writer (wpost)            <br \/><\/strong><em>(peerdist.dll)<\/em><\/td>\n<td>&lt;= 14.0.8089.726<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; MOOVIDA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Moovida Media Player (f4v, flv, img, dv)            <br \/><\/strong><em>(libc.dll, quserex.dll)<\/em><\/td>\n<td>&lt;= 2.0.0.15<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; MOZILLA<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Firefox (htm, html, jtx, mfp, shtml, xaml)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14730\" target=\"_blank\" rel=\"noopener\">&lt;= 3.6.8<\/a>           <br \/><strong><font color=\"#008000\">(fixed in 3.6.9 and 3.5.12)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Mozilla Thunderbird (eml,html)<\/strong>           <br \/><em>(dwmapi.dll)<\/em><\/td>\n<td>3.1.2 <strong><font color=\"#008000\">(fixed in 3.1.3)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; MUVEE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Muvee Reveal (rvl)            <br \/><\/strong><em>(peerdist.dll)<\/em><\/td>\n<td>7.0.43 build 11502<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; NETSTUMBLER<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>NetStumbler (ns1)            <br \/><\/strong><em>(mfc71enu.dll, mfc71loc.dll)<\/em><\/td>\n<td>0.4.0<\/td>\n<\/tr>\n<tr>\n<td><font color=\"#008000\"><strong><span style=\"color: #008000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #008000\">NITRO<\/span><\/strong><\/font><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Nitro PDF Reader (pdf)            <br \/><\/strong><em>(dwmapi.dll, nprender.dll)<\/em><\/td>\n<td><strong><font color=\"#008000\">fixed in 1.3<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">NOKIA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Nokia Suite ContentCopier            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Nokia Suite Communication Centre<\/strong>           <br \/><em>(wintab32.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; NOTEPAD++<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Notepad++ (shtml, css, inc, inf, ini, log, scp, wtx, shtml)            <br \/><\/strong><em>(scinlexer.dll)<\/em><\/td>\n<td>5.7 <strong><font color=\"#008000\">(fixed in 5.8)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">NUANCE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Nuance PDF (pdf)            <br \/><\/strong><em>(dwmapi.dll, exceptiondump.dll)<\/em><\/td>\n<td>&lt;= 6.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; NULLSOFT<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Winamp (669,aac,aiff,amf,au,avr,b4s,caf,cda)            <br \/><\/strong><em>(wnaspi32.dll, dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14789\/\" target=\"_blank\" rel=\"noopener\">5.581<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Winamp (b4s, m3u8, m3u, pls)            <br \/><\/strong><em>(wnaspi32.dl)<\/em><\/td>\n<td>5.5.8.2985 (Win7 x64)<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; NVIDIA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>NVidia Driver (tvp)<\/strong>           <br \/><em>(nview.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14769\/\" target=\"_blank\" rel=\"noopener\">latest<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">OMNIPEEK<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Omnipeek Personal (pkt, wac)            <br \/><\/strong><em>(mfc71loc.dll)<\/em><\/td>\n<td>4.1<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">OPERA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Opera (htm, html, mht, mhtml, xht, xhtm, xhtl)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14732\" target=\"_blank\" rel=\"noopener\">&lt;= 10.61<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Opera widgets (wgt)<\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">ORACLE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Java Web Start (javaw.exe) (jnlp<\/strong>)           <br \/><em>(schannel.dll)<\/em><\/td>\n<td>1.6 update 21<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; P<\/span><\/strong><strong><span style=\"color: #ff0000\">GP<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>PGP Desktop (pgp)            <br \/><\/strong><em>(credssp.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.s3cur1ty.de\/m1adv2010-004\">&lt;= 9.8<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>PGP Desktop (p12,pem,pgp,prk,prvkr,pubkr,rnd,skr)            <br \/><\/strong><em>(tsp.dll, tvttsp.dll)<\/em><\/td>\n<td>&lt;= 9.10          <br \/>&lt;= 10.0.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">PIXIA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Pixia (pxa)<\/strong>           <br \/><em>(wintab32.dll)<\/em><\/td>\n<td>3.1j<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">PUTTY<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>putty            <br \/><\/strong><em>(winmm.dll)<\/em><\/td>\n<td><a href=\"https:\/\/web.archive.org\/web\/20110303085021\/http:\/\/www.exploit-db.com:80\/exploits\/14796\/\" target=\"_blank\" rel=\"noopener\">0.60<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">QT WEB<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>QtWeb (htm, html, mhtml, xml)            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>&lt;= 3.3 b043<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">QCCIS<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Forensic CaseNotes (notes)            <br \/><\/strong><em>(credssp.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.s3cur1ty.de\/m1adv2010-005\">&lt;= 1.3.2010.6<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">REAL<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Real Player<\/strong>           <br \/><em>(wnaspi32.dll)<\/em><\/td>\n<td>&lt;= 1.1.5 build 12.0.0.879<\/td>\n<\/tr>\n<tr>\n<td><font color=\"#008000\"><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">RIM \/ BLACKBERRY<\/span><\/strong><\/font><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Blackberry Desktop Manager            <br \/><\/strong><em>(mapi32x.dll)<\/em><\/td>\n<td><font color=\"#008000\"><strong>&lt;= 6.0.0 (fixed in 6.0.0.43)<\/strong><\/font><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">ROXIO<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Roxio Photosuite            <br \/><\/strong><em>(homeutils9.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14752\" target=\"_blank\" rel=\"noopener\">9<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Roxio MyDVD (dmsd,dmsm)            <br \/><\/strong><em>(homeutils9.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14781\" target=\"_blank\" rel=\"noopener\">9<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Roxio Creator DE<\/strong>           <br \/><em>(homeutils9.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14768\/\" target=\"_blank\" rel=\"noopener\">&lt;= 9.0.116<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>Roxi Central (c2d,cue,gi,iso,roxio)            <br \/><\/strong><em>(homeutils10.dll, dlaapi_w.dll, sonichttpclient10.dll, tfswapi.dll)<\/em><\/td>\n<td>3.6<\/td>\n<\/tr>\n<tr>\n<td><font color=\"#008000\"><strong><span style=\"color: green\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: green\">SEAMONKEY<\/span><\/strong><\/font><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>SeaMonkey (html, xml, txt, jpg)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>&lt;= 2.0.6 <strong><font color=\"#008000\">(fixed in 2.0.7)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">SI SOFTWARE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>SiSoft Sandra            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">SMPLAYER<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>SMPlayer            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>0.6.9<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">STEAM<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Steam Games            <br \/><\/strong><em>(steamgamesupport.dll)<\/em><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">SOMUD<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>SoMud P2P (torrent)            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>&lt;= 1.2.8<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">SONY<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Sound Forge Pro<\/strong>           <br \/><em>(mtxparhvegaspreview.dll)<\/em><\/td>\n<td>10.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">SORAX<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Sorax PDF Reader (pdf)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td>&lt;= 2.0<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">SKYPE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Skype<\/strong>           <br \/><em>(wab32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14766\" target=\"_blank\" rel=\"noopener\">&lt;= 4.2.0.169<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; SWEETSCAPE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>010 Editor (lsc,bt,hex,s19,s28,s37)            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td>3.1.2<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">TEAMMATE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Teammate audit mgmt software suite            <br \/><\/strong><em>(mfc71enu.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14747\" target=\"_blank\" rel=\"noopener\">v8<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; TEAMVIEWER<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Teamviewer (tvc, tvs)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14734\" target=\"_blank\" rel=\"noopener\">&lt;= 5.0.8703<\/a>           <br \/><strong><font color=\"#008000\">(patched in 5.1.9072)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">TECHSMITH<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>TechSmith Snagit (.snag)            <br \/><\/strong><em>(dwmapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14764\" target=\"_blank\" rel=\"noopener\">&lt;= 10 build 788<\/a><\/td>\n<\/tr>\n<tr>\n<td><strong>TechSmith Snagit accessories (results)<\/strong><\/td>\n<td>latest<\/td>\n<\/tr>\n<tr>\n<td><strong>TechSmith Snagit profiles (snagprof)<\/strong><\/td>\n<td>latest<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">TORTOISE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Tortoise SVN (all registered filetypes)<\/strong>           <br \/><em>(dwmapi.dll)<\/em><\/td>\n<td>v1.6.10 (b19898)<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">TRACKER SOFTWARE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>PDFXChange Viewer (pdf)<\/strong>           <br \/><em>(wintab32.dll)<\/em><\/td>\n<td>&lt;= 2.0 (b54.0)<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">ULTRA<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Ultra VNC Viewer (vnc)            <br \/><\/strong><em>(vnclang.dll)<\/em><\/td>\n<td>&lt;= 1.0.6.4<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; uTORRENT<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>uTorrent            <br \/><\/strong><em>(userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll,            <br \/>dhcpcsvc.dll, dhcpcsvc6.dll, rpcrtremote.dll)             <br \/><\/em><strong>.torrent <\/strong><em>(plugin_dll.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14748\" target=\"_blank\" rel=\"noopener\">&lt;= 2.0.3<\/a> \/ <a href=\"http:\/\/www.exploit-db.com\/exploits\/14726\" target=\"_blank\" rel=\"noopener\">&lt;= 2.0.3<\/a>           <br \/><strong><span style=\"color: #008000\">(fixed in <\/span><\/strong><a href=\"http:\/\/forum.utorrent.com\/viewtopic.php?id=82840\" target=\"_blank\" rel=\"noopener\"><strong><span style=\"color: #008000\">2.0.4<\/span><\/strong><\/a><strong><span style=\"color: #008000\"> (b21431))<\/span><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; VIDEOLAN<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>VLC media player (mp3)            <br \/><\/strong><em>(wintab32.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14750\" target=\"_blank\" rel=\"noopener\">&lt;= 1.1.3<\/a>           <br \/><strong><span style=\"color: #008000\">(fixed in <font color=\"#008000\">1.1.4<\/font>)<\/span><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">VIRTUAL DJ<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Virtual DJ (mp3)            <br \/><\/strong><em>(hdjapi.dll)<\/em><\/td>\n<td>6.1.2<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\">&gt;&gt;&gt; <\/span><\/strong><strong><span style=\"color: #ff0000\">WINMERGE<\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>WinMerge            <br \/><\/strong><em>(mfc71*.dll)<\/em><\/td>\n<td>2.12.4<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #ff0000\"><font color=\"#008000\">&gt;&gt;&gt; WIRESHARK<\/font><\/span><\/strong><\/td>\n<td>&#160;<\/td>\n<\/tr>\n<tr>\n<td><strong>Wireshark (5vw, acp, apc, atc,bfr,cap,enc,erg,fdc,pcap,...)<\/strong><em>            <br \/>(airpcap.dll, tcapi.dll)<\/em><\/td>\n<td><a href=\"http:\/\/www.exploit-db.com\/exploits\/14721\" target=\"_blank\" rel=\"noopener\">&lt;= 1.2.10<\/a>           <br \/><strong><font color=\"#008000\">(patched in 1.4)<\/font><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>dumpcap (5vw, acp, apc, atc,bfr,cap,enc,erg,fdc,pcap,...)<\/strong><em> <\/em>          <br \/><em>(airpcap.dll, tcapi.dll)<\/em><\/td>\n<td>&lt;= 1.2.10          <br \/><strong><font color=\"#008000\">(patched in 1.4)<\/font><\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Want to contribute ?<\/h3>\n<p>If you want to contribute, send the application name, version,&#160; and file extension to peter.ve[at] corelan.be<\/p>\n<p>Thanks to the people who have contributed so far : <a href=\"https:\/\/twitter.com\/EdiStrosar\" target=\"_blank\" rel=\"noopener\">EdiStrosar<\/a>, <a href=\"https:\/\/twitter.com\/0xjudd\" target=\"_blank\" rel=\"noopener\">0xjudd<\/a>, <a href=\"https:\/\/twitter.com\/xanda\" target=\"_blank\" rel=\"noopener\">xanda<\/a>, <a href=\"https:\/\/twitter.com\/dinosn\" target=\"_blank\" rel=\"noopener\">Dinosn<\/a>, <a href=\"https:\/\/twitter.com\/saintanthony\" target=\"_blank\" rel=\"noopener\">saintanthony<\/a>, <a href=\"https:\/\/twitter.com\/PieterDanhieux\" target=\"_blank\" rel=\"noopener\">PieterDanhieux<\/a>, <a href=\"https:\/\/twitter.com\/lofi42\" target=\"_blank\" rel=\"noopener\">Lofi<\/a>, Mark Crowther, h4ck3r#47,<a href=\"https:\/\/twitter.com\/_coreDump\" target=\"_blank\" rel=\"noopener\">_coreDump<\/a>, <a href=\"http:\/\/twitter.com\/_ikki\" target=\"_blank\" rel=\"noopener\">ikki<\/a>, diwr, <a href=\"https:\/\/web.archive.org\/web\/20201117234617\/https:\/\/www.zeroscience.mk\/\" target=\"_blank\" rel=\"noopener\">LiquidWorm<\/a>, <a href=\"https:\/\/twitter.com\/nikhil_mitt\" target=\"_blank\" rel=\"noopener\">Nikhil Mittal<\/a>, Chris Anderson, FInverse, <a href=\"http:\/\/blog.c22.cc\" target=\"_blank\" rel=\"noopener\">Chris John Riley<\/a>, nullthreat, <a href=\"http:\/\/yehg.net\/\" target=\"_blank\" rel=\"noopener\">Aung Khant<\/a>, SafetyFirstXL125, spot, <a href=\"http:\/\/www.classity.nl\" target=\"_blank\" rel=\"noopener\">Classity<\/a>, Jacky Jack, <a href=\"https:\/\/twitter.com\/guelfoweb\" target=\"_blank\" rel=\"noopener\">guelfoweb<\/a>, <a href=\"http:\/\/kervala.net\/\" target=\"_blank\" rel=\"noopener\">Kervala<\/a>, <a href=\"mailto:m1k3@m1k3.at\">m1k3<\/a>, Glafkos Charalambous, <a href=\"http:\/\/extraexploit.blogspot.com\/\">extraexploit<\/a>, Nagareshwar Talekar, Anastasios Monachos, Antisecurity, Oliver Wege<\/p>\n<h3>Other info<\/h3>\n<p><a href=\"http:\/\/support.microsoft.com\/kb\/2389418\">http:\/\/support.microsoft.com\/kb\/2389418<\/a><\/p>\n<p>http:\/\/www.microsoft.com\/technet\/security\/advisory\/2269637.mspx<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20150306211829\/http:\/\/support.microsoft.com\/kb\/2264107\">http:\/\/support.microsoft.com\/kb\/2264107<\/a><\/p>\n<hr \/>\n<p><!--Digiprove_Start--><span lang=\"en\" xml:lang=\"en\" style=\"vertical-align:middle; display:inline; padding:3px; line-height:normal;border:1px solid #e3e3e3;background-color:#000000;\" title=\"certified 23 November 2010 19:06:57 UTC by Digiprove certificate P66369\" ><a href=\"http:\/\/www.digiprove.com\/show_certificate.aspx?id=P66369&guid=9ENu04M_VkyPKrbA7vcaDg\" target=\"_blank\" rel=\"copyright noopener\" style=\"border:0px; float:none; display:inline; text-decoration: none; background-color:transparent\"><img decoding=\"async\" src=\"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png\" style=\"vertical-align:middle; display:inline; border:0px; margin:0px; float:none; background-color:transparent\" border=\"0\" width=\"12px\" height=\"12px\" alt=\"\"\/><span style=\"font-family: Tahoma, MS Sans Serif; font-size:9px; font-weight:normal; color:#FFFFFF; border:0px; float:none; display:inline; text-decoration:none; letter-spacing:normal\" onmouseover=\"this.style.color='#FFFF1C';\" onmouseout=\"this.style.color='#FFFFFF';\">&nbsp;&nbsp;Copyright secured by Digiprove&nbsp;&copy; 2010 Peter Van Eeckhoutte<\/span><\/a><!--BFBAA62F297C30DC18106AB75C199CB11F4561C8240EB306540444F4EBF22C63--><\/span><!--Digiprove_End--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself. If you have found other applications to be vulnerable and want to add them to the list, send &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"DLL Hijacking (KB 2269637) - the unofficial list\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[245,127],"tags":[1828,1824],"class_list":["post-4621","post","type-post","status-publish","format-standard","hentry","category-exploits","category-security","tag-overflow","tag-metasploit"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DLL Hijacking (KB 2269637) - the unofficial list - Corelan | Exploit Development &amp; Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DLL Hijacking (KB 2269637) - the unofficial list - Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself. If you have found other applications to be vulnerable and want to add them to the list, send &hellip; Continue reading &quot;DLL Hijacking (KB 2269637) - the unofficial list&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2010-08-25T08:52:38+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"DLL Hijacking (KB 2269637) - the unofficial list\",\"datePublished\":\"2010-08-25T08:52:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/\"},\"wordCount\":2275,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/www.digiprove.com\\\/images\\\/dp_seal_trans_16x16.png\",\"keywords\":[\"overflow\",\"metasploit\"],\"articleSection\":[\"Exploits\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/\",\"name\":\"DLL Hijacking (KB 2269637) - the unofficial list - Corelan | Exploit Development &amp; Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/www.digiprove.com\\\/images\\\/dp_seal_trans_16x16.png\",\"datePublished\":\"2010-08-25T08:52:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#primaryimage\",\"url\":\"http:\\\/\\\/www.digiprove.com\\\/images\\\/dp_seal_trans_16x16.png\",\"contentUrl\":\"http:\\\/\\\/www.digiprove.com\\\/images\\\/dp_seal_trans_16x16.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2010\\\/08\\\/25\\\/dll-hijacking-kb-2269637-the-unofficial-list\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DLL Hijacking (KB 2269637) &#8211; the unofficial list\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DLL Hijacking (KB 2269637) - the unofficial list - Corelan | Exploit Development &amp; Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/","og_locale":"en_US","og_type":"article","og_title":"DLL Hijacking (KB 2269637) - the unofficial list - Corelan | Exploit Development &amp; Vulnerability Research","og_description":"This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself. If you have found other applications to be vulnerable and want to add them to the list, send &hellip; Continue reading \"DLL Hijacking (KB 2269637) - the unofficial list\"","og_url":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/","og_site_name":"Corelan | Exploit Development &amp; Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2010-08-25T08:52:38+00:00","og_image":[{"url":"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png","type":"","width":"","height":""}],"author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"DLL Hijacking (KB 2269637) - the unofficial list","datePublished":"2010-08-25T08:52:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/"},"wordCount":2275,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#primaryimage"},"thumbnailUrl":"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png","keywords":["overflow","metasploit"],"articleSection":["Exploits","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/","url":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/","name":"DLL Hijacking (KB 2269637) - the unofficial list - Corelan | Exploit Development &amp; Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#primaryimage"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#primaryimage"},"thumbnailUrl":"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png","datePublished":"2010-08-25T08:52:38+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#primaryimage","url":"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png","contentUrl":"http:\/\/www.digiprove.com\/images\/dp_seal_trans_16x16.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/2010\/08\/25\/dll-hijacking-kb-2269637-the-unofficial-list\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"DLL Hijacking (KB 2269637) &#8211; the unofficial list"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":47799,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/4621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=4621"}],"version-history":[{"count":0,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/4621\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=4621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=4621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=4621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}