CERT mailing list archives
Current Activity - Insecure Loading of Dynamic Link Libraries in Windows Applications
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 20 Oct 2010 09:41:22 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Insecure Loading of Dynamic Link Libraries in Windows Applications Original release date: August 31, 2010 at 9:02 am Last revised: October 20, 2010 at 9:06 am US-CERT is aware of a class of vulnerabilities related to how some Windows applications may load external dynamic link libraries (DLLs). When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories. If an application does not securely load DLL files, an attacker may be able to cause the affected application to load an arbitrary library. By convincing a user to open a file from a location that is under an attacker's control, such as a USB drive or network share, a remote attacker may be able to exploit this vulnerability. Exploitation of this vulnerability may result in the execution of arbitrary code. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#707943. US-CERT encourages users and administrators to review the vulnerability note and consider implementing the following workarounds until fixes are released by affected vendors: * disable loading libraries from WebDAV and remote network shares * disable the WebClient service * block outgoing SMB traffic Update 10/19/2010: The Mozilla Foundation has released Firefox 3.6.11 to address this issue. Users and administrators are encouraged to review Mozilla Foundation Security Advisory MFSA 2010-71 and update to Firefox 3.6.11 to help mitigate the risks. This issue is also addressed in Firefox 3.5.14, Thunderbird 3.1.5 and 3.0.9, and SeaMonkey 2.0.9. Update 9/16/2010: Apple has released QuickTime 7.6.8 to address the DLL issue in earlier versions of Quicktime for Windows. Users and administrators are encouraged to review Apple article HT4339 and update to QuickTime 7.6.8 to help mitigate the risks. Update 09/10/10: Research In Motion has released security advisory KB24242 to address the DLL issue in its BlackBerry Desktop Software for Windows version 6.0. This issue impacts all versions of the BlackBerry Desktop Software and may allow an attacker to convince the user to execute arbitrary code. Users and administrators are encouraged to review BlackBerry security advisory KB24242 and update to version 6.0.0.47 to help mitigate the risks. Update 09/01/10: Microsoft has released Fix it tool 50522 to assist users in setting the registry key value introduced with Microsoft support article 2264107 to help reduce the risks posed by the DLL loading behavior described in VU#707943. Users and administrators are encouraged to review Microsoft support article 2264107 and the Microsoft Security Research & Defense TechNet blog entry, and to consider using the Fix it tool to help reduce the risks. Users should be aware that setting the registry key value as described in the support article or via the Fix it tool may reduce the functionality of some third-party applications. US-CERT will provide updates when additional details become available. Relevant Url(s): <http://support.apple.com/kb/HT4339> <http://www.kb.cert.org/vuls/id/707943> <http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24242> <http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx> <http://support.microsoft.com/kb/2264107> <http://www.mozilla.org/security/announce/2010/mfsa2010-71.html> ==== This entry is available at http://www.us-cert.gov/current/index.html#insecure_loading_of_dynamic_link -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTL7xaj6pPKYJORa3AQKw0wgAwRyInQHdUHy5wOt6JelEmrlP9HWGJpv3 0dfMztIRMAufQaPvrUhDP6mpYz2eh53xIYSdC3HfvmFd+nV9I0iz+ZQMCinHyrSk NLj41XK+qDiu5Vm+XyUw+hiyZAFQbxhEU7QWX1aO7PSHYjcS+jtT8vIVsIplywAy HFpJJISxjZg5PIXWW9zXjgGoRrsbl4gSzwEAfQNbMG5anQrobcvVAspo/S4Wpt4Z nb8Ft0JIBLvBcrkW4isaTiTcwDvZ10wn2uKZNtEQVjuqo7XagVWJir4GVg8IkVrq JDuOsYMwD+Gm5N6M6ZEKAVg+/LKxZRMBMtLWLWFykva21ONwNpwmIg== =Xbet -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Insecure Loading of Dynamic Link Libraries in Windows Applications Current Activity (Aug 25)
- <Possible follow-ups>
- Current Activity - Insecure Loading of Dynamic Link Libraries in Windows Applications Current Activity (Sep 01)
- Current Activity - Insecure Loading of Dynamic Link Libraries in Windows Applications Current Activity (Sep 10)
- Current Activity - Insecure Loading of Dynamic Link Libraries in Windows Applications Current Activity (Sep 16)
- Current Activity - Insecure Loading of Dynamic Link Libraries in Windows Applications Current Activity (Oct 20)