Well, what can I say - your write up is accurate. Though last time I've seen it, around 5 years ago, it was still called DLL spoofing and not DLL hijacking, and was one of the arguments why "carpet bombing" (automatic download) in Safair/Chrome must be fixed :) E.g. http://gynvael.coldwind.pl/?id=55
-- gynvael.coldwind//vx _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
