Natural Language 6 DLLs
Last updated
Last updated
Under any of the languages in the Natural Language Development Platform 6 library (NaturalLanguage6.dll) registry keys, we can set the value of either StemmerDLLPathOverride or WBDLLPathOverride to the location of our malicious DLL. The DLL will be loaded via LoadLibrary executed by SearchIndexer.exe.
You can force SearchIndexer.exe to load some DLLs specified in this registry:
HKLM\System\CurrentControlSet\Control\ContentIndex\Language\<some language>\StemmerDLLPathOverride
HKLM\System\CurrentControlSet\Control\ContentIndex\Language\<some language>\WBDLLPathOverride