Close on the heels of Microsoft’s Monday acknowledgement of a vulnerability in the way Windows handles DLL (dynamic-link library) and related files, security firm Acros disclosed on Tuesday that the flaw probably affected hundreds of applications and that it has already been exploited in malicious attacks in the wild.
In its Monday advisory, Microsoft had acknowledged an attack mechanism called DLL preloading, or binary planting, and said that although the flaw is not a new one, it does have a new remote-attack vector.
Security firm Acros, which has been conducting research on the issue for the last nine months, said that as many as 41 of Microsoft’s own programs could be remotely exploited using “DLL load hijacking.”
The firm also said that two of the exploits that targeted Microsoft-made software were aimed at PowerPoint 2010, the Office 2010 presentation app, and Windows Live Mail, a Vista-bundled free e-mail client available as a free download for Windows 7 users.
Other exploits were largely aimed at leveraging the “DLL load hijacking” vulnerability in a BitTorrent client called uTorrent and in the network protocol analyzer Wireshark.
Noting that Acros would “publish a list of the vulnerable apps sometime soon,” Acros CEO Mitja Kolsek added: “The two we fully disclosed to Microsoft were in Windows Address Book/Windows Contacts and Windows Program Manager Group Converter.”
