G
Greg Russell
The following vulnerability has been the way M$ operating systems have
operated since the beginning ... nothing new at all. Hackers, spyware and
viruses have used this "backdoor" to gain access to everybody's computer,
and M$ has done absolutely *nothing* about it until their hand has been
finally forced by the publicity:
--------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA10-238A
Microsoft Windows Insecurely Loads Dynamic Libraries
Original release date: August 26, 2010
Last revised: --
Source: US-CERT
Systems Affected
Any application running on the Microsoft Windows platform that
uses dynamically linked libraries (DLLs) may be affected. Whether
or not an application is vulnerable depends on how it
specifically loads a DLL. Please see the Vendor Information
section of Vulnerability Note VU#707943 for information about
specific vendors.
Overview
Due to the way Microsoft Windows loads dynamically linked libraries
(DLLs), an application may load an attacker-supplied DLL instead of
the legitimate one, resulting in the execution of arbitrary code.
I. Description
Microsoft Windows supports dynamically linked libraries (DLLs) that
are loaded when needed by an application. DLLs are typically loaded
when the application is first started; however DLLs may be loaded
and unloaded while the application is running. An application can
request a DLL file in a variety of ways, and Windows uses several
different search algorithms to find DLL files. The interaction
between the application and Windows can result in a DLL file being
loaded from the current working directory of the application,
instead of the Windows system directory or the directory where the
application is installed.
The current working directory could be the desktop, a removable
storage device such as a USB key, a Windows file share, or a WebDAV
location. When a file associated with an application is opened, a
DLL in the same directory as the file may be loaded. Although an
attacker may not have permission to write to the Windows system or
application directories, the attacker may be able to write a DLL to
a directory used to store files, or the attacker could provide
their own directory.
Attacks against this type of vulnerability have been referred to as
"binary planting." Please see Vulnerability Note VU#707943 and
Microsoft Security Advisory 2269637 for more information.
....
operated since the beginning ... nothing new at all. Hackers, spyware and
viruses have used this "backdoor" to gain access to everybody's computer,
and M$ has done absolutely *nothing* about it until their hand has been
finally forced by the publicity:
--------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA10-238A
Microsoft Windows Insecurely Loads Dynamic Libraries
Original release date: August 26, 2010
Last revised: --
Source: US-CERT
Systems Affected
Any application running on the Microsoft Windows platform that
uses dynamically linked libraries (DLLs) may be affected. Whether
or not an application is vulnerable depends on how it
specifically loads a DLL. Please see the Vendor Information
section of Vulnerability Note VU#707943 for information about
specific vendors.
Overview
Due to the way Microsoft Windows loads dynamically linked libraries
(DLLs), an application may load an attacker-supplied DLL instead of
the legitimate one, resulting in the execution of arbitrary code.
I. Description
Microsoft Windows supports dynamically linked libraries (DLLs) that
are loaded when needed by an application. DLLs are typically loaded
when the application is first started; however DLLs may be loaded
and unloaded while the application is running. An application can
request a DLL file in a variety of ways, and Windows uses several
different search algorithms to find DLL files. The interaction
between the application and Windows can result in a DLL file being
loaded from the current working directory of the application,
instead of the Windows system directory or the directory where the
application is installed.
The current working directory could be the desktop, a removable
storage device such as a USB key, a Windows file share, or a WebDAV
location. When a file associated with an application is opened, a
DLL in the same directory as the file may be loaded. Although an
attacker may not have permission to write to the Windows system or
application directories, the attacker may be able to write a DLL to
a directory used to store files, or the attacker could provide
their own directory.
Attacks against this type of vulnerability have been referred to as
"binary planting." Please see Vulnerability Note VU#707943 and
Microsoft Security Advisory 2269637 for more information.
....