New Windows vulnerability: Applications download malicious code from the net


Recommended Posts

19 August 2010, 17:12

New Windows vulnerability: Applications download malicious code from the net

Apparently it is possible to exploit the way Windows downloads libraries for third-party applications, to execute arbitrary programs on victims' systems. According to various reports, the problem exists because applications that retrieve linked data (safe files) from external sources, also try to download certain libraries from the same place.

For example – an attacker deposits an MP3 file as well as a specially crafted DLL (with the required name) on a network volume. The victim starts a media player to play the MP3 and potentially also downloads the DLL, executing the attacker's code during start-up. A successful attack requires the victim opening the lure file on the network volume. This is something attackers can generally achieve via social engineering techniques.

Which exact applications are affected is yet unknown. However, the vulnerability can reportedly also be exploited via HTTP and WebDAV. Metasploit developer HD Moore says that the problem affects around 40, mostly third-party, applications and that there are "some surprises". No further details, for instance which versions of Windows are affected by the flaw, have become available. Moore intends to disclose more information soon.

http://www.h-online....et-1062153.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...