Binary Planting Home > Online Binary Planting Exposure Tests

Online Binary Planting Exposure Tests

IMPORTANT: This project has fulfilled its life mission by drawing attention to a class of remotely exploitable vulnerabilities that was previously not well known - especially among developers, where it really counts. Hundreds of widely used products by leading software vendors have been fixed and are now less likely to become vulnerable again, and Microsoft has implemented changes in the behavior of Windows applications that, if employed, make attacks more difficult. We don't expect any significant developments to occur in this area any more and have thus closed the public section of this research. The web site will remain live to keep links from other sites working and because information provided here remains useful for those looking for vulnerabilities as well as those trying to avoid creating them.

Online tests may not work any more and we do not plan on updating them any longer.

This page is provided for the benefit of all coporate and home Windows users who wish to test their exposure to binary planting attacks (also called "DLL hijacking", "DLL load hijacking", "DLL preloading", "Unsafe library loading" or "Insecure Library Loading") originating from the Internet. We'll try to keep a working demo of at least one unpatched vulnerability here for as long as there are any available.

Note that these tests are not a demonstration of a realistic attack scenario. In a real attack, for instance, you would not be asked to manually copy-paste an address from one window to another, and the DLL would not be visible in the remote shared folder. These tests have been optimized to make it as independent as possible from your computer configuration. (See this page for real-world attack scenarios.)

Before you begin, be aware that these tests, if successful, will execute code originating from an unknown source (unknown to you, that is) on your computer and obtain your privileges on your computer and in your network. You have absolutely no reason to trust any such code - this code, if it were malicious, could infect your computer with all sorts of malware. If you are, or should be, in any way concerned about the security of your computer and/or network, we encourage you to do this test, as well as any other such exploit tests, on a "sacrificial" computer, preferably a virtual one that you can revert to a known secure state afterwards. Even if you entirely trust us to be nice (which we are), you should know that these tests will take place over an untrusted Internet connection, along which our benign code can be silently replaced by a malicious look-alike without us being able to do anything about it or you being able to detect such replacement. You have been warned.

Current Test Suite - UNFIXED Vulnerabilities

These are the currently available tests exploiting vulnerabilities that haven't been fixed by vendors yet. Choose any test that fits your operating system and follow its link to proceed.

Vulnerable Product	Status	Operating System	Test Page
Microsoft Management Console	UNFIXED	Windows 7 Windows Vista	Proceed to TEST #4
Program Manager Group Converter	UNFIXED	Windows XP	Proceed to TEST #2

Archive Test Suite - FIXED Vulnerabilities

These are the currently available tests exploiting vulnerabilities that have already been fixed by vendors. Only use these tests to verify whether the associated vulnerabilities have been efficiently fixed on your computer. Choose any test that fits your operating system and follow its link to proceed.

Vulnerable Product	Status	Operating System	Test Page
Windows Media Player 11 & 12	FIXED	Windows Vista Windows 7	Proceed to TEST #3
Windows Address Book, Windows Contacts	FIXED	Windows XP Windows Vista Windows 7	Proceed to TEST #1

Note that these tests are not suitable for confirming the absence of exposure to binary planting vulnerabilities, but only to confirm the presence of such exposure. There can be many reasons why these tests can fail, including network problems, a specific state of your computer at the time of testing, and the possibility of the vulnerabilities used for testing having been recently fixed. However, these tests can be a useful tool for testing various countermeasures to binary planting attacks in general: if you get "HACKED" consistently without some countermeasure, and avoid getting "HACKED" with that countermeasure in place, the countermeasure's effectiveness, at least to this particular attack originating from the Internet, can be confirmed.

For additional information, go to ACROS Security and ACROS Security Blog.

Please kindly direct any feedback regarding this test to security@acrossecurity.com.