CompTIA PenTest+ (PT0-001) — Question 144

While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?

Answer options

• A. Permissions not disabled in the DLL
• B. Weak folder permissions of a directory in the DLL search path
• C. Write permissions in the C:\Windows\System32\imports directory
• D. DLL not cryptographically signed by the vendor

Correct answer: B

Explanation

The correct answer is B because weak folder permissions in the DLL search path allow an attacker to place a malicious DLL that the service will load. Options A, C, and D do not directly relate to the ability to exploit the DLL loading process; permissions of the DLL itself or the write permissions in System32 do not facilitate the exploitation if the search path is not vulnerable.