Bugtraq mailing list archives
Rafe 7 Insecure Library Loading Vulnerability
From: apa-iutcert () nsec ir
Date: Mon, 18 Oct 2010 04:55:58 -0600
A vulnerability has been discovered in Rafe 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: idapi32.dll idbat32.dll idr20009.dll idsql32.dll odbc32.dll This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Rafeh version 7 for Microsoft Windows XP Service Pack 3. Other versions may also be affected.
Current thread:
- Rafe 7 Insecure Library Loading Vulnerability apa-iutcert (Oct 18)