New .lnk type vulnerability

Discussion in 'other security issues & news' started by CloneRanger, Aug 19, 2010.

Thread Status:
Not open for further replies.
  1. DrvMon

    DrvMon Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    1
    http://www.prevx.com/blog/153/An-oldnew-day-Windows-flaw-on-the-horizon.html
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,435
    Location:
    U.S.A.
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Well if they are saying it's the software misusing it, then it's up to the vendors to fix it. Let's see how fast they fix their products now they feel the pressure of their userbase.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    All very well, but how can ANY malicious binary get loaded from Anywhere, if it's not allowed in and/or to run?
     
  5. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Forgive me for being ignorant on this topic, but I'm not connecting the dots here. For this vulnerability to deliver a payload, doesn't it require that the malicious, possibly hidden, DLL files be on the local machine? I suppose it might also be on removable media. Still, I'm not sure how this would be used to 'remotely' attack any machine. From what I'm reading, a malicious DLL file would have to be downloaded to a specific location, and then the user would have to open a specific application/file to launch the attack.

    I'm guessing there has to be more to it than that, and that I'm misinterpreting things. Could anyone please elaborate?
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    If anybody runs a test with that, you'll get a medal from me :D
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution

     
    Last edited: Aug 23, 2010
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    More information about the DLL Preloading remote attack vector

     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Exploiting DLL Hijacking Flaws (full link to the article in blog link already posted by CloneRanger)

     
    Last edited: Aug 23, 2010
  12. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Microsoft won't patch critical DLL loading bugs

    Microsoft has told a researcher that it won't patch a problem that has left scores of Windows applications open to attack.

    According to a growing number of reports, crucial Windows functionality has been misused by countless developers, including Microsoft's, leaving a large number of Windows programs vulnerable to attack because of the way they load components.

    full story
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ MrBrian

    Exploiting DLL Hijacking Flaws

    Already listed in Post # 31 ;)

    Thanks for your links :thumb:
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    I listed that link again because I gave the full link, not just the general blog, and also because I quoted some important information from it.

    Thank you for your links too :thumb:.
     
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ MrBrian

    Understood ;)
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Brian, thanks for trying. I quit.
     
  17. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    606
    Location:
    Cleveland, Ohio USA
    Windows DLL Vulnerability Exploit In the Wild

    http://www.computerworld.com/s/article/9181513/Hacking_toolkit_publishes_DLL_hijacking_exploit
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen

    Does adding "all applications" instead of * have the same effectiveness?
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It should be the same effectiveness.

    By the way, my CIS guide was revised today to v2.0.
     
    Last edited: Aug 24, 2010
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen

    The only doubt I have is if "all applications" is inclusive of the .bat files.
     
  21. RHE10

    RHE10 Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    24
    Video showing the dll exploit issue:

    -http://www.offensive-security.com/offsec/microsoft-dll-hijacking-exploit-in-action/-
     
    Last edited by a moderator: Aug 24, 2010
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://isc.sans.edu/diary.html?storyid=9445:
     
  24. RHE10

    RHE10 Registered Member

    Joined:
    Aug 8, 2010
    Posts:
    24
    Sorry, what am I missing? Why was the link to the video de-linked? Noob here.
     
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,435
    Location:
    U.S.A.
    RHE10, first, welcome to Wilders! Based on this Policy Decision, we have been de-linking video URLs since then. Although your posted link is not a YouTube URL, it was de-linked, but not removed, because that page's topic is related to this thread.

    More video test publication info here: Posting Policy & Recommended Threads.
     