Dll hijacking

[spyfrog]

Hi there

There is a new security hole with Windows program that have surfaced during the last days - dll hijacking - that many programs that loads DLLs are prone to (several of Microsofts own program is apparently at risk).
As I have understod it, this is something to do with how DLL's are loaded.

My question is, since MMF2 loads very many DLLs (the extensions), is this be a problem for MMF2 or are we safe?

[Yves]

AFAIK this vulnerability concerns applications that load DLLs without specifying the pathname of the DLL, as in this case Windows tries to find them from other directories. MMF2 dynamically loads extensions from a fixed pathname, this should be safe (unless you use extensions that require other DLLs that may be not installed on the system, like the MSVC 7/8/9 runtime DLLs, but very few extensions use that).

[spyfrog]

Thank you for your answer Yves.
Sounds very good.