Firefox, uTorrent and PowerPoint hit by Windows DLL bug

http://www.theregister.co.uk/2010/08/24/windows_dll_casualties/

 

I guess I chose a good day (yesterday) to change from FF to Chrome.

 

I see on Secunia'a site that avast! Antivirus 5.x is listed as well. This stuff is not good.

 

It seems like this can be stopped dead in its tracks by SRP+LUA.

 

I found this to be rather disconcerting until I read the following:

..."An attacker would have to convince a user to click a link to their SMB (Server Message Block) or WebDAV (Web-based Distributed Authoring and Versioning) share and then convince the user to open a file from that share which would trigger additional dialogs prompting the user to OK the action."...

http://gcn.com/articles/2010/08/25/powerpoint-firefox-users-at-risk-of-microsoft-vulnerability.aspx

So, does this exploit require one heck of a lot of user interaction or what?

 

I'm sure most of the folks on here aren't too worried about it. There are a lot of people that will do whatever they are prompted to do though. And those people will call me when they mess up their machine.

 

uTorrent 2.0.4 has a fix for this issue.

 

The 2.0.4 release addresses the issue. uTorrent were one of the first third-party vendors to jump on whatever exploits were in their software and got them out ASAP (no plug intended or implied).

 

You were reading my mind before I got to your post.