DLL Hijacking Vulnerability
Description
The flagged function is vulnerable to DLL hijacking attacks. Use the `windows.NewLazySystemDLL()` function to limit the DLL search to the Windows directory.
Examples
Insecure Code
```go
syscall.LoadDLL("example.dll")
```
Secure Code
```go
windows.NewLazySystemDLL("example.dll")
```
Remediation
Replace vulnerable functions with `windows.NewLazySystemDLL()` to limit the DLL search to the Windows directory.
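To find call sites that need this replacement, the following added example (not the rule's own implementation) parses Go source with `go/ast` and reports references to by-name DLL loaders, including ones reached through an import alias. The set of flagged packages and functions beyond `syscall.LoadDLL`, and the names `FindRiskyLoads` and `sample`, are assumptions of this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// Assumed scope (import path -> default name); the page only shows syscall.LoadDLL.
var loaderPkgs = map[string]string{"syscall": "syscall", "golang.org/x/sys/windows": "windows"}
var loaderFuncs = map[string]bool{"LoadDLL": true, "MustLoadDLL": true, "NewLazyDLL": true}

// Constructed sample: two findings (one through an import alias), one compliant call.
const sample = `package demo
import ("syscall"; win "golang.org/x/sys/windows")
var a, _ = syscall.LoadDLL("example.dll")
var b = win.NewLazyDLL("example.dll")
var c = win.NewLazySystemDLL("example.dll")
`

// FindRiskyLoads returns "line: pkg.Func" for every reference to a flagged loader.
func FindRiskyLoads(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := map[string]bool{} // local name -> is it bound to a loader package?
	for _, imp := range file.Imports {
		name, isLoader := loaderPkgs[strings.Trim(imp.Path.Value, "\"`")]
		if imp.Name != nil {
			name = imp.Name.Name // explicit alias replaces the default name
		}
		local[name] = isLoader
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if x, ok := sel.X.(*ast.Ident); ok && local[x.Name] && loaderFuncs[sel.Sel.Name] {
				out = append(out, fmt.Sprintf("%d: %s.%s", fset.Position(sel.Pos()).Line, x.Name, sel.Sel.Name))
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(FindRiskyLoads(sample)) }
```

The match is purely syntactic, so it does not see dot imports or shadowed package names; a type-aware version would resolve identifiers with `go/types`.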
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0213 |
| Category | InsecureConfig |
| Severity | HIGH |
| CWE | CWE-427 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | dll-hijacking, windows |
| OWASP | N/A |