SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Applications May Load DLLs Unsafely and Remotely Execute Arbitrary Code
SecurityTracker Alert ID:  1024355
SecurityTracker URL:  http://securitytracker.com/id/1024355
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 24 2010
Impact:   Execution of arbitrary code via network, User access via network


Description:   A vulnerability was reported in some applications for Microsoft Windows. A remote user may be able to cause arbitrary code to be executed on the target user's system.

Some applications that run on Microsoft Windows operating systems may pass an insufficiently qualified path when loading an external library. A remote user can exploit this by creating a specially crafted DLL file on a remote share (e.g., WebDAV, SMB share). When the target application is loaded by the target user, the application may load the remote user's DLL instead of the intended DLL and execute arbitrary code. The code will run with the privileges of the target user.

This type of exploit is also known as "binary planting" or "DLL preloading".

The vulnerability resides in some applications that run on Microsoft Windows and not in the Windows operating system itself.

Impact:   A remote user can may be able to cause a target application to execute arbitrary code on the target user's system.
Solution:   Microsoft is evaluating Microsoft applications to determine if they are affected.

Microsoft has issued a tool to allow administrators to alter the library loading behavior on a system-wide basis or for specific applications. The tool is available at:

http://support.microsoft.com/kb/2264107

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/advisory/2269637.mspx

Vendor URL:  www.microsoft.com/technet/security/advisory/2269637.mspx (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC