Posted 7 Sep 2010

Protect 'DLL hijacking' in MFC app with MAPI and Microsoft Office

19 Sep 2010, CPOL


There is a lot of information today about 'DLL hijacking vulnerabilities'. You can protect your Windows system in two ways. First, install KB2264107 and set the CWDIllegalInDllSearch value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager to ffffffff. Second, call SetDllDirectory(_T("")) in your app (I prefer this one). In both cases, the current working directory is removed from the DLL search path.

However, when you use the MFC MAPI support and Microsoft Outlook is your MAPI client, you can no longer send email from your app, because the Outlook MAPI uses the current working directory to load MsMapi32.dll from %CommonProgramFiles%\.... With Outlook Express it works fine. There is another minor issue when you send an email from your app: afterwards, the current working directory is set to the %CommonProgramFiles%\.... directory where the Outlook MAPI found MsMapi32.dll. You can check this with the File Open or File Save As dialog.
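To check the first option on a machine, the following PowerShell script reads the system-wide CWDIllegalInDllSearch value and lists any per-application values, so a program configured differently from the system-wide value is visible. It is an added example, not part of the original article or its demo project. The helper function names are hypothetical, and the per-application Image File Execution Options location comes from Microsoft's KB2264107 documentation rather than from this article.

```powershell
# Added example: audit the CWDIllegalInDllSearch mitigation on the local machine.
$ValueName = 'CWDIllegalInDllSearch'
$GlobalKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
# Per-application location, taken from Microsoft's KB2264107 text (not from the article).
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdSearchValue {
    # Hypothetical helper: returns the value as UInt32, or $null if it is absent.
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # A DWORD of ffffffff can surface as Int32 -1; mask it into the unsigned range.
    $mask = [int64][uint32]::MaxValue
    return [uint32](([int64]$item.$ValueName) -band $mask)
}

function Get-CwdSearchVerdict {
    # Hypothetical helper: maps a value to a short assessment.
    param($Value)
    if ($null -eq $Value)              { return 'not set: current directory stays in the DLL search path' }
    if ($Value -eq [uint32]::MaxValue) { return 'hardened: current directory removed from the DLL search path' }
    if ($Value -eq 0)                  { return 'default: current directory stays in the DLL search path' }
    return 'partial restriction: check this value against KB2264107'
}

function New-CwdSearchRow {
    # Hypothetical helper: builds one report row.
    param([string]$Scope, $Value)
    $shown = if ($null -eq $Value) { '(absent)' } else { '0x{0:X8}' -f $Value }
    [pscustomobject]@{ Scope = $Scope; Value = $shown; Verdict = (Get-CwdSearchVerdict $Value) }
}

# System-wide setting first, then every executable that carries its own value.
$rows = @(New-CwdSearchRow 'System-wide' (Get-CwdSearchValue -Path $GlobalKey))
Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-CwdSearchValue -Path $_.PSPath
    if ($null -ne $v) { $rows += New-CwdSearchRow "Per-app: $($_.PSChildName)" $v }
}
$rows | Format-Table -AutoSize -Wrap
```

The registry value only covers the first option; an application that calls SetDllDirectory(_T("")) itself is protected regardless of what this report shows.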

Using the Code

The following steps fix both issues in your MFC app.

  1. Implement your own OnFileSendMail() function in your document class.

  2. Save the current working directory with GetCurrentDirectory().

  3. Get the MsMapi path from the registry.

  4. Set the DLL search path to the MsMapi path with SetDllDirectory().

  5. Call CDocument::OnFileSendMail().

  6. Set the DLL search path again, this time without the current working directory.

  7. Restore the current working directory with SetCurrentDirectory().

In the attached demo app, you can see this in MapiFixDoc.cpp:

void CMapiFixDoc::OnFileSendMail()
{
	TCHAR szCurrentDirectory[MAX_PATH];
	VERIFY(0U < ::GetCurrentDirectory(_countof(szCurrentDirectory), szCurrentDirectory));
	TCHAR szMsMapiPath[MAX_PATH];
	if(FALSE != ::GetMsMapiPath(_countof(szMsMapiPath), szMsMapiPath))
	{
		//add MsMapi to the default DLL search order
		::SetDllDirectory(szMsMapiPath);
	}
	CDocument::OnFileSendMail();
	//removes the current directory from the default DLL search order
	::SetDllDirectory(_T(""));
	//restore the working directory that the Outlook MAPI changed
	VERIFY(FALSE != ::SetCurrentDirectory(szCurrentDirectory));
}

Points of Interest

SetDllDirectory() is not available in older Windows versions, so I dynamically load this function from kernel32.dll. This is done in SetDllDirectory.h.


I tested it with Windows 2000 through Windows 7 and Office 2000 through Office 2010. The demo app compiles with VC++ 6 and VS 2008. I think it should also compile with other VS versions.


04.09.2010 Initial publication


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Switzerland

Last Updated 19 Sep 2010
Article Copyright 2010 by Reto70