Today there is lot of information about 'DLL hijacking vulnerabilities'. You can protect your Windows in two ways. First, install KB2264107 and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager CWDIllegalInDllSearch to ffffffff. Or second, you set in your app
SetDllDirectory(_T("")) (I prefer this one). In both cases, the current working directory is removed from the DLL Search path. But now when you use the MFC MAPI support and you've got Microsoft Outlook as your MAPI client, you can't send any email from your app. Because The Outlook MAPI uses the current working directory to load MsMapi32.dll from %CommonProgramFiles%\.... With Outlook Express it works fine. There is another minor issue when you send an email from your app. After that, the current working directory is set to %CommonProgramFiles%\.... where Outlook MAPI found the MsMapi32.dll. You can check this with the file-open or file-saveas dialog.
Using the Code
The following steps can fix both in your MFC app.
- Implement an own function
OnFileSendMail() in your document class.
- Save the current working directory with
- Get the MsMapi path from the registry
- Set the DLL search path with
- Set the DLL search path without current working directory
- Restore the current working directory with
SetCurrentDirectory() In the attached demo app, you can see this in MapiFixDoc.cpp
VERIFY(0U < ::GetCurrentDirectory(_countof(szCurrentDirectory),
if(FALSE != ::GetMsMapiPath(_countof(szMsMapiPath), szMsMapiPath))
VERIFY(FALSE != ::SetCurrentDirectory(szCurrentDirectory));
Points of Interest
SetDllDirectory() is not available in older Windows versions. So I dynamically load this function from kernel32.dll. This is done in SetDllDirectory.h.
I test it with Windows 2000 till Windows 7 and Office 2000 till Office 2010. The demo app compiles with VC++ 6 and VS 2008. I think it should also compile with other VS versions.
04.09.2010 Initial publication