About 200 Windows applications are vulnerable to remote code-execution attacks that exploit a bug in the way the programs load binary files for the Microsoft operating system, a security researcher said Thursday.
The critical vulnerability, which has already been patched in Apple's iTunes media player for Windows and VMware Tools, will be especially challenging to fix, because each application will ultimately need to receive its own patch, Mitja Kolesk, CEO of application security consultancy Acros Security, told The Register.This remind me of problems in the past such as the GDI+ problems from years past and other situations where maybe you deployed a DLL privately, via a Merge Module ( that you must service but who knows if the vendor will provide an update ) or perhaps even a statically linked C++ library that has a problem.
Anyways, does anyone know which library is the problem here? I haven't actually found any public disclosure at this level yet but I'll be sure to update this blog if I do.
your own lib :-)
ReplyDeleteThi is Microsofts by-design error,
keywords:
Search Path, Load Library... DLL hijacking
Vendors must use FQPNs and take care of loading the correct library