How can the recent Windows DLL hijacking issue affect me? Or rather, can it be used to specifically target vulnerable applications?
A disclosure this afternoon involving KeePass certainly does show you can target specific applications. For instance, if you can get someone with KeePass to attempt to open a KeePass file and load your malicious DLL, you can execute code…such as installing a keylogger/filemon to track what your victim uses to open that super-secret KeePass database.
Note an important issue here: While this vulnerability was announced by Microsoft, Microsoft may not be able to fix this underlying issue. Which really breaks many vulnerability management practices in enterprises that don’t do a good job keeping inventory of installed applications and their own updates/patches/vuln announcements.