Changes between Initial Version and Version 1 of Ticket #1141, comment 2


Ignore:
Timestamp:
11/14/18 11:44:04 (2 years ago)
Author:
Samuli Seppänen
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1141, comment 2

    initial v1  
    11As rozmansi said in today's community meeting we can't hardcode any of the DLL paths. Somebody may have installed Windows to D:\Windows for example.
    22
    3 Also, with local admin privileges the attacker could replace openvpn.exe or openvpn-gui.exe without playing with DLLs.
     3The reason why it is better for the attacker to play with the DLLs is to avoid breaking the code signature in openvpn.exe or openvpn-gui.exe and thus alarming the user. Apparently this type of exploit is able to evade AV detection as well (in some cases?).