Insecure Library Loading - One Down, Many More To Go...
15:47 CET on the 9th November 2011. Entry written by Dmitriy Pletnev.
Yesterday, Tuesday, 8th November 2011, Microsoft released its monthly security bulletins fixing vulnerabilities in multiple products. One of the security bulletins covered an Insecure Library Loading vulnerability (SA46752) affecting several versions of Microsoft's Windows OS.
As a quick reminder, Insecure Library Loading vulnerabilities allow an attacker to execute arbitrary code with the privileges of their victim by convincing or tricking a user into opening a file supported by the targeted application. This can be exploited remotely, e.g. by hosting a file and a malicious library within a WebDAV or SMB share on an Internet-accessible server. For more details and background information about this vulnerability class, please see our previous blog entry.
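As an added illustration (not code from Secunia or the original entry), the following sketch shows how a defender could triage module-load telemetry for the pattern described above: a library loaded from the same remote share or directory as the document the user opened. The event tuples, host names and trusted directories are constructed assumptions.

```python
import ntpath

# Constructed sample telemetry (not from the original entry):
# (process, document the user opened, module the process then loaded)
SAMPLE_EVENTS = [
    ("viewer.exe", r"\\files.example\share\report.doc", r"C:\Windows\System32\version.dll"),
    ("viewer.exe", r"\\files.example\share\report.doc", r"\\files.example\share\helper.dll"),
    ("viewer.exe", r"\\dav.example@SSL\DavWWWRoot\docs\a.doc", r"\\dav.example@SSL\DavWWWRoot\docs\codec.dll"),
    ("viewer.exe", r"C:\Users\u\Downloads\a.doc", r"C:\Users\u\Downloads\codec.dll"),
    ("viewer.exe", r"C:\Users\u\Downloads\a.doc", r"C:\Program Files\Viewer\codec.dll"),
]

# Assumption: directories only administrators can write to on this host.
TRUSTED_DIRS = (r"c:\windows", r"c:\program files")


def _dir(path):
    """Directory of a Windows path, normalised for comparison."""
    return ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))


def _trusted(directory):
    return any(directory == root or directory.startswith(root + "\\")
               for root in TRUSTED_DIRS)


def classify(document, module):
    """Return a verdict for one module load that followed a document open."""
    doc_dir, mod_dir = _dir(document), _dir(module)
    if _trusted(mod_dir):
        return "ok"
    if mod_dir.startswith("\\\\"):
        return "remote-load"        # UNC path: SMB share or WebDAV redirector
    if mod_dir == doc_dir:
        return "document-dir-load"  # library sitting beside the opened file
    return "review"


def findings(events):
    """Keep only the loads that need attention."""
    results = []
    for process, document, module in events:
        verdict = classify(document, module)
        if verdict != "ok":
            results.append((process, module, verdict))
    return results


if __name__ == "__main__":
    for row in findings(SAMPLE_EVENTS):
        print(row)
```

The same classification can be applied to any log source that records which modules a process loaded after a document was opened.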
Users should be aware that there are other Microsoft products still affected by Insecure Library Loading vulnerabilities within various components. Specifically, the following Secunia Advisories still have an "Unpatched" status: SA41098, SA41136, SA41874, SA41986, and SA42527. As of today, Secunia has confirmed as part of our patch verification process that the vulnerable components mentioned in those advisories are still vulnerable.
Users are encouraged to periodically consult our continuously updated list of patched and unpatched Insecure Library Loading vulnerabilities to stay informed about the latest vulnerable applications and fixes.
Dmitriy Pletnev Security Specialist