New Windows vulnerability: Applications download malicious code from the net

[Peaches]

19 August 2010, 17:12

New Windows vulnerability: Applications download malicious code from the net

Apparently it is possible to exploit the way Windows downloads libraries for third-party applications, to execute arbitrary programs on victims' systems. According to various reports, the problem exists because applications that retrieve linked data (safe files) from external sources, also try to download certain libraries from the same place.

For example – an attacker deposits an MP3 file as well as a specially crafted DLL (with the required name) on a network volume. The victim starts a media player to play the MP3 and potentially also downloads the DLL, executing the attacker's code during start-up. A successful attack requires the victim opening the lure file on the network volume. This is something attackers can generally achieve via social engineering techniques.

Which exact applications are affected is yet unknown. However, the vulnerability can reportedly also be exploited via HTTP and WebDAV. Metasploit developer HD Moore says that the problem affects around 40, mostly third-party, applications and that there are "some surprises". No further details, for instance which versions of Windows are affected by the flaw, have become available. Moore intends to disclose more information soon.

http://www.h-online....et-1062153.html