
Insecure Library Loading - One Down, Many More To Go...

15:47 CET on the 9th November 2011
Entry written by Dmitriy Pletnev.

Yesterday, Tuesday, 8th November 2011, Microsoft released its monthly security bulletins fixing vulnerabilities in multiple products. One of the security bulletins covered an Insecure Library Loading vulnerability (SA46752) affecting several versions of Microsoft's Windows OS.

As a quick reminder, Insecure Library Loading vulnerabilities allow an attacker to execute arbitrary code with the privileges of their victim by convincing or tricking a user into opening a file supported by the targeted application. This can be exploited remotely, for example by hosting a file and a malicious library in a WebDAV or SMB share on an Internet-accessible server. For more details and background information about this vulnerability class, please see our previous blog entry.
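The resolution behaviour behind this vulnerability class can be modelled in a few lines. The following is an added example, not code from Secunia or Microsoft: it is a Python model of the default Windows search order for a library requested by bare file name, and the server name, application folder, and file names are constructed. It assumes the working directory is the folder of the opened document.

```python
import ntpath

# Constructed sample file system: the only paths that "exist" in this model.
SAMPLE_FILES = {
    r"C:\Program Files\Viewer\viewer.exe",
    r"C:\Windows\System32\kernel32.dll",
    r"\\fileserver\share\docs\report.doc",
    r"\\fileserver\share\docs\helper.dll",  # library placed next to the document
}

def search_order(app_dir, cwd, path_dirs=(), include_cwd=True):
    """Directories tried, in order, for a library requested by bare name
    (default Windows order with SafeDllSearchMode enabled)."""
    order = [app_dir, r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
    if include_cwd:
        order.append(cwd)  # the step this vulnerability class depends on
    return order + list(path_dirs)

def resolve(name, app_dir, cwd, path_dirs=(), files=SAMPLE_FILES, include_cwd=True):
    """Return the first existing candidate path, or None if nothing matches."""
    existing = {f.lower() for f in files}  # Windows paths are case-insensitive
    for directory in search_order(app_dir, cwd, path_dirs, include_cwd):
        candidate = ntpath.join(directory, name)
        if candidate.lower() in existing:
            return candidate
    return None

def is_remote(path):
    """True for UNC paths, i.e. SMB shares and WebDAV via the redirector."""
    return path is not None and path.startswith("\\\\")

def audit(name, document, app_dir, **kwargs):
    """Model opening `document`: assume the working directory is its folder,
    then report where `name` resolves and whether that location is remote."""
    cwd = ntpath.dirname(document)
    loaded = resolve(name, app_dir, cwd, **kwargs)
    return {"loaded": loaded, "remote": is_remote(loaded)}

if __name__ == "__main__":
    doc = r"\\fileserver\share\docs\report.doc"
    app = r"C:\Program Files\Viewer"
    print(audit("helper.dll", doc, app))                     # resolved from the share
    print(audit("helper.dll", doc, app, include_cwd=False))  # not found
    print(audit("kernel32.dll", doc, app))                   # system copy wins
```

`include_cwd=False` models a process that has removed the current directory from its library search path, for example by calling `SetDllDirectory` with an empty string; a library that exists in an earlier directory is never affected either way.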

Users should be aware that there are other Microsoft products still affected by Insecure Library Loading vulnerabilities within various components. Specifically, the following Secunia Advisories still have an "Unpatched" status: SA41098, SA41136, SA41874, SA41986, and SA42527. As of today, Secunia has confirmed as part of our patch verification process that the vulnerable components mentioned in those advisories are still vulnerable.

Users are encouraged to periodically consult our continuously updated list of patched and unpatched Insecure Library Loading vulnerabilities to stay informed about the latest vulnerable applications and fixes.

Stay Secure,

Dmitriy Pletnev
Security Specialist




© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144