Insecure Library Loading Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 26 Aug 2010 4285 Views

RISK: Medium Risk

Medium Risk

A remote attack vector for a class of vulnerabilities that affects how applications load external libraries has been identified in various applications, which could be exploited by attackers to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location.

1. Due to specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks".

2. Due to applications passing an insufficiently qualified path when loading an external library.

Note: There is no patch available for this vulnerability currently.

Impact

  • Remote Code Execution

System / Technologies affected

  • Applications that do not load external libraries securely.
    - Adobe Dreamweaver
    - Adobe Photoshop
    - Microsoft Office Groove
    - Microsoft Office PowerPoint
    - Microsoft Windows Address Book
    - Microsoft Windows Live Mail
    - Mozilla Firefox
    - Opera

Solutions

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Adobe Shockwave Player Multiple Vulnerabilities

26 Aug 2010 4400 Views

Next

Apple Mac OS X Multiple Vulnerabilities

26 Aug 2010 4396 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY