Insecure Library Loading - One Down, Many More To Go...

15:47 CET on the 9th November 2011
Entry written by Dmitriy Pletnev.

Yesterday, Tuesday, 8th November 2011, Microsoft released its monthly security bulletins fixing vulnerabilities in multiple products. One of the security bulletins covered an Insecure Library Loading vulnerability (SA46752) affecting several versions of Microsoft's Windows OS.

As a quick reminder, Insecure Library Loading vulnerabilities allow an attacker to execute arbitrary code with the privileges of their victim by convincing or tricking a user into opening a file supported by the targeted application. This can be exploited remotely by, for example, hosting a file and a malicious library on an Internet-accessible server within a WebDAV or SMB share. For more details and background information about this vulnerability class, please see our previous blog entry.
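A defender-side check for the remote scenario described above, as an added example that is not part of the original blog entry: it flags module loads that come from a UNC location (SMB share or WebDAV mount) and notes whether the module sat beside the opened document. The event tuple layout, host names and file names are constructed assumptions, not output of any particular tool.

```python
import ntpath

# Constructed sample events (not real telemetry). Assumed tuple layout:
# (process, document the user opened, module path the process then loaded)
SAMPLE_EVENTS = [
    ("viewer.exe", r"\\files.example\share\report.doc", r"C:\Windows\System32\version.dll"),
    ("viewer.exe", r"\\files.example\share\report.doc", r"\\files.example\share\helper.dll"),
    ("viewer.exe", r"\\dav.example@SSL\DavWWWRoot\docs\a.doc", r"\\dav.example@SSL\DavWWWRoot\docs\plugin.dll"),
    ("viewer.exe", r"C:\Users\alice\Documents\b.doc", r"C:\Program Files\Viewer\plugin.dll"),
]


def is_remote(path):
    """Return True for UNC paths, the form used by SMB shares and WebDAV mounts."""
    p = path.replace("/", "\\")
    if p.upper().startswith("\\\\?\\UNC\\"):
        return True  # extended-length form of a UNC path
    if p.startswith("\\\\?\\") or p.startswith("\\\\.\\"):
        return False  # local extended-length or device path
    # Limitation: a share mapped to a drive letter looks local here.
    return p.startswith("\\\\")


def flag_remote_library_loads(events):
    """List every module loaded from a remote location, noting whether it
    sat in the same directory as the document that was opened."""
    findings = []
    for process, document, module in events:
        if not is_remote(module):
            continue
        doc_dir = ntpath.normcase(ntpath.dirname(document))
        mod_dir = ntpath.normcase(ntpath.dirname(module))
        findings.append({"process": process, "module": module, "beside_document": doc_dir == mod_dir})
    return findings


if __name__ == "__main__":
    for finding in flag_remote_library_loads(SAMPLE_EVENTS):
        print(finding)
```
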

Users should be aware that there are other Microsoft products still affected by Insecure Library Loading vulnerabilities within various components. Specifically, the following Secunia Advisories still have an "Unpatched" status: SA41098, SA41136, SA41874, SA41986, and SA42527. As of today, Secunia has confirmed as part of our patch verification process that the vulnerable components mentioned in those advisories are still vulnerable.

Users are encouraged to periodically consult our continuously updated list of patched and unpatched Insecure Library Loading vulnerabilities to stay informed about the latest vulnerable applications and fixes.

Stay Secure,

Dmitriy Pletnev
Security Specialist
