Metasploit: Exploiting DLL Hijacking Flaws: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

Application DLL Load Hijacking « Rapid7 Network Security Blog: http://blog.rapid7.com/?p=5325

http://threatpost.com/en_us/blogs/hd-moore-windows-dll-vulnerability-082310?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

http://threatpost.com/en_us/blogs/dll-hijacking-exploit-code-posted-powerpoint-other-apps-082410?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

This latest issue belongs in the "patching is not enough" category: the bug is in how individual applications load DLLs, not in a single OS component, so a Windows update alone will not fix it. Microsoft has released a security advisory on it.

http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
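To make concrete why a "DLL preloading" bug lets a document on a remote share hijack an application, here is an added example of mine (not code from the linked posts, Metasploit or Microsoft) that models the documented default DLL search order with SafeDllSearchMode on. The application, the directory layout and the file names are constructed for the example; the `cwd_blocked` flag is my stand-in for removing the current directory from the search, which is what `SetDllDirectory("")` does inside a process and what the `CWDIllegalInDllSearch` registry value from the hotfix referenced by the advisory does system-wide.

```python
"""Model of the Windows DLL search order, to show why an application that
loads a DLL by bare name can be hijacked from the directory of a document
it opens. Added example; the directory layout and the application are
constructed, not taken from the linked advisories."""

from pathlib import PureWindowsPath

# Default search order with SafeDllSearchMode enabled (Windows XP SP2 and later).
SEARCH_ORDER = ["app_dir", "system32", "system", "windows", "cwd", "path"]

# Constructed file system: search location -> list of (directory, files present).
# The user has opened \\evil\share\report.doc, so the share is the process CWD.
LOCATIONS = {
    "app_dir":  [(r"C:\Program Files\Viewer", {"viewer.exe", "ui.dll"})],
    "system32": [(r"C:\Windows\System32", {"kernel32.dll", "user32.dll"})],
    "system":   [(r"C:\Windows\System", set())],          # 16-bit system directory
    "windows":  [(r"C:\Windows", set())],
    "cwd":      [(r"\\evil\share", {"report.doc", "helper.dll", "ui.dll", "kernel32.dll"})],
    "path":     [(r"C:\Tools", {"helper.dll"})],
}

# KnownDLLs are mapped straight from System32 and are never searched for.
KNOWN_DLLS = frozenset({"kernel32.dll", "user32.dll"})


def resolve_dll(name, locations=LOCATIONS, known_dlls=KNOWN_DLLS, cwd_blocked=False):
    """Return the path LoadLibrary would load for `name`, or None if not found.

    cwd_blocked=True models removing the current directory from the search,
    which is what SetDllDirectory("") does inside the process and what the
    CWDIllegalInDllSearch registry value does system-wide.
    """
    if PureWindowsPath(name).is_absolute():
        # Full path given: that file is loaded or the call fails; no search happens.
        return name
    lname = name.lower()
    if lname in known_dlls:
        system32 = locations["system32"][0][0]
        return str(PureWindowsPath(system32) / name)
    for label in SEARCH_ORDER:
        if label == "cwd" and cwd_blocked:
            continue
        for directory, files in locations.get(label, []):
            if lname in {f.lower() for f in files}:
                return str(PureWindowsPath(directory) / name)
    return None


def scenarios():
    """Vulnerable and hardened loads side by side; returns label -> resolved path."""
    return {
        # helper.dll is an optional plug-in the app does not ship: the attacker's
        # copy in the document directory is found before the copy on PATH.
        "bare name, CWD searched":  resolve_dll("helper.dll"),
        # ui.dll ships with the app, so the application directory wins over CWD.
        "bare name, app ships it":  resolve_dll("ui.dll"),
        # KnownDLLs cannot be shadowed even though the share carries a copy.
        "known dll":                resolve_dll("kernel32.dll"),
        # CWD removed from the search: the share is skipped, but PATH is still searched.
        "bare name, CWD blocked":   resolve_dll("helper.dll", cwd_blocked=True),
        # Full path: the only load that sidesteps the search order entirely.
        "full path":                resolve_dll(r"C:\Program Files\Viewer\helper.dll"),
    }


if __name__ == "__main__":
    for label, path in scenarios().items():
        print(f"{label:28} -> {path}")
```

The two things worth noticing: a DLL the application ships in its own directory cannot be hijacked this way, because the application directory is searched first, so the exploitable case is a library the program asks for but does not ship (optional plug-ins, debug helpers, codecs). And blocking the current directory only narrows the window; a writable directory on PATH is still searched, so the real fix in the application is to load by full path or call `SetDllDirectory` and `LoadLibrary` with an explicit location.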

From the blog post by HD Moore:

While working on the Windows Shortcut exploit, I stumbled on this class of bugs and identified a couple dozen applications that seemed to be affected by this problem. iTunes was one of these applications and the details in the Acros advisory made it clear that this was indeed the same flaw. I was planning to finish the advisories and start contacting vendors on August 20th (last Friday). The Acros advisory on the 18th threw a wrench into this process. I contacted Acros and asked whether they were aware that this problem affected other applications and whether they would like to coordinate the disclosure process. The reply is quoted below.

“I don’t know if you saw the draft of our new commercial disclosure policy, but we essentially gave up on alerting vendors for free. We’ve been providing free research to them for over 10 years and it hasn’t paid out well. What you’re seeing on Bugtraq now are the “remains of the old days,” so to speak 🙂 We’ve found better markets for this kind of information. To answer your specific question: no, we have not reported any issues in the products you mentioned – and have no intention to, should we come across one. So if your goal is to get credited for alerting them, you have nothing to worry about. I hope it pays off for you. As for the public status of this class of problems, it has been public for at least 10 years now (see the “ancient” NSA Windows NT security guide) and some developers were obviously not aware of it.”

Whoa…nice guys there Acros.

I’m still digesting this and figuring out what plan of action (if any) I will take.
