| Microsoft Windows multiple applications DLL hijacking, updated since 26.08.2010 |
| Published: |  | 19.12.2011 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 11096 |
| Type: |  | client |
| Level: |  | 6/10 |
| Description: |  | If an application is launched via a file type association, the current path is set to the path where the file is located, making it possible to place DLLs that the application tries to load dynamically into the same directory. |
| Affected: |  | MICROSOFT : Windows 2000 Server |
| |  | MICROSOFT : Windows 2000 Professional |
| |  | MICROSOFT : Windows XP |
| |  | MICROSOFT : Windows 2003 Server |
| |  | MICROSOFT : Windows Vista |
| |  | MICROSOFT : Windows 2008 Server |
| |  | MICROSOFT : Windows 7 |
| |  | PLOTSOFT : PDFill PDF Editor 8.0 |
| |  | EMC : RSA SecurID Software Token 4.1 |
| CVE: |  | CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.) |
| |  | CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability.") |
| |  | CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability.") |
| |  | CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.) |
| Original document |  | EMC, ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSA SecurID(r) Software Token 4.1 for Microsoft(r) Windows(r) (19.12.2011) |
| |  | robkraus_(at)_solutionary.com, Foxit Reader Insecure Library Loading (22.07.2011) |
| |  | robkraus_(at)_solutionary.com, PDFill Insecure Library Loading (10.06.2011) |
| |  | Mitja Kolsek, Silently Pwning Protected-Mode IE9 and Innocent Windows Applications (08.05.2011) |
| |  | NSO Research, NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability (24.01.2011) |
| |  | ACROS Security, ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products (13.01.2011) |
| |  | apa-iutcert_(at)_nsec.ir, Google Desktop Insecure Library Loading Vulnerability (30.11.2010) |
| |  | apa-iutcert_(at)_nsec.ir, AOL Instant Messenger Insecure Library Loading Vulnerability (30.11.2010) |
| |  | Salvatore "drosophila" Fresta, Audacity <= 1.3 Beta Multiple Local Vulnerabilities (02.11.2010) |
| |  | apa-iutcert_(at)_nsec.ir, ACDSee Photo Manager Insecure Library Loading Vulnerability (28.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, FlipAlbum Vista Pro Insecure Library Loading Vulnerability (28.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Internet Download Manager Insecure Library Loading Vulnerability (28.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Nessus Client Insecure Library Loading Vulnerability (28.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Orbit Downloader Insecure Library Loading Vulnerability (28.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, WinMerge Insecure Library Loading Vulnerability (28.10.2010) |
| |  | ACROS Security, Breaking The SetDllDirectory Protection Against Binary Planting (28.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Secunia PSI Insecure Library Loading Vulnerability (28.10.2010) |
| |  | ACROS Security, How Visual Studio Makes Your Applications Vulnerable to Binary Planting (26.10.2010) |
| |  | indoushka salah el ddine, Microsft COFEE v1.1.2 DLL Hijacking Exploit (19.10.2010) |
| |  | indoushka salah el ddine, Vuris win32 mabezat DLL Hijacking Exploit (19.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Accounting Pro 2003 Insecure Library Loading Vulnerability (19.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Rafe 7 Insecure Library Loading Vulnerability (19.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Brilliant Accounting System (59) Insecure Library Loading Vulnerability (19.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Sahar Money Manager Insecure Library Loading Vulnerability (19.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Holoo Insecure Library Loading Vulnerability (19.10.2010) |
| |  | apa-iutcert_(at)_nsec.ir, Xilisoft Video Converter Ultimate Insecure Library Loading Vulnerability (19.10.2010) |
| |  | YGN Ethical Hacker Group, Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll) (02.09.2010) |
| |  | YGN Ethical Hacker Group, KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) (02.09.2010) |
| |  | nikhil_uitrgpv_(at)_yahoo.co.in, Tortoise SVN DLL Hijacking Vulnerability (02.09.2010) |
| |  | info_(at)_securitylab.ir, Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll) (31.08.2010) |
| |  | YGN Ethical Hacker Group, QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll) (30.08.2010) |
| |  | YGN Ethical Hacker Group, Maxthon Browser version 2.5.15.1000 Insecure DLL Hijacking Vulnerability (dwmapi.dll) (30.08.2010) |
| |  | YGN Ethical Hacker Group, Notepad++ version 5.7 Insecure DLL Hijacking Vulnerability (30.08.2010) |
| |  | glafkos_(at)_astalavista.com, Flash Player 9 DLL Hijacking Exploit (schannel.dll) (30.08.2010) |
| |  | glafkos_(at)_astalavista.com, Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll) (30.08.2010) |
| |  | MICROSOFT, Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution (29.08.2010) |
| |  | CERT, US-CERT Technical Cyber Security Alert TA10-238A -- Microsoft Windows Insecurely Loads Dynamic Libraries (29.08.2010) |
| |  | glafkos_(at)_astalavista.com, TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll) (26.08.2010) |
| |  | glafkos_(at)_astalavista.com, Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll] (26.08.2010) |
| |  | glafkos_(at)_astalavista.com, Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll) (26.08.2010) |
| |  | glafkos_(at)_astalavista.com, Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010) |
| |  | glafkos_(at)_astalavista.com, Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll) (26.08.2010) |
| |  | glafkos_(at)_astalavista.com, Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010) |
| |  | glafkos_(at)_astalavista.com, Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010) |