[ISN] Windows DLL bug hits dozens of apps

From: InfoSec News <alerts_at_private>
Date: Wed, 25 Aug 2010 00:38:16 -0500 (CDT)
http://news.cnet.com/8301-27080_3-20014625-245.html

By Elinor Mills
InSecurity Complex
CNet News
August 24, 2010

A flaw in the way Windows handles DLL (dynamic-link library) and related 
files likely affects hundreds of applications and has already been used 
in malicious attacks in the wild, a security researcher said on Tuesday.

Microsoft acknowledged in an advisory on Monday a type of attack 
mechanism known as DLL preloading, or binary planting and said that 
while it is not new it does have a new remote-attack vector. Malicious 
code can now be planted on a network share instead of just on a local 
system, making it much easier to attack vulnerable systems by duping 
people into clicking on malicious Web links or opening malicious 
documents.

Security firm Acros disclosed the issue last week after finding that it 
affects iTunes, and Rapid7 Chief Technology Officer HD Moore published 
additional information about it this week here and here. Moore, creator 
of the Metasploit database and framework, also released a tool to test 
whether applications are vulnerable.

Now, the Exploit-db.com exploit database is getting flooded with 
submissions of applications that people say are vulnerable, including 
Windows Live Mail, Windows Movie Maker, Microsoft PowerPoint 2010, 
Office 2007, and non-Microsoft applications like Firefox 3.6.8, Foxit 
Reader, Wireshark and uTorrent, said Mati Aharoni, founder of security 
firm Offensive Security, which runs the exploit database.

A post to the Full Disclosure mailing list claims that the Windows 
Address Book in Windows XP is also vulnerable.

[...]


5B
_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Tue Aug 24 2010 - 22:38:16 PDT

This archive was generated by hypermail 2.2.0 : Tue Aug 24 2010 - 22:49:15 PDT