back to article Researcher: Code-execution bug affects 200 Windows apps

About 200 Windows applications are vulnerable to remote code-execution attacks that exploit a bug in the way the programs load binary files for the Microsoft operating system, a security researcher said Thursday. The critical vulnerability, which has already been patched in Apple's iTunes media player for Windows and VMware …


This topic is closed for new posts.
  1. david 12 Silver badge

    binary planting bug and WebDav

    That means that if you rename Virus.exe as Virus.html, you can get your web browser to load it.

    Once it's loaded, you can use some other exploit to execute it.

    Web browsers are carefully guarded against this kind of exploit. Other programs, no so much, and if they try to load a carefully crafted "document" or "picture" or "track", they may be broken.

    To protect against this threat, some common file names are blocked: for example, stuff ending exe and dll.

    And, to protect against this threat, file loading protocols are blocked from the outside world.

    Webdav is a common file loading protocol that is not blocked, and .doc and .jpeg and .m4a are file names that are not blocked.

    So on Windows, many common generic programs may be exposed to a notional threat which people had intended they not be exposed to.

    This is bad, in the sense that using a computer is bad, because it exposes you to malware, because using a computer exposes you to malware. The solution will be to further restrict the way you can use your computer. It has not been a problem before: it only becomes a problem after all the important problems are removed.

    1. N2

      What about

      Sandboxie ?

  2. Anonymous Coward
    Anonymous Coward

    From behind IPCop, nonsense.

    How they going to hack the IPCop password? That's in an encrypted thingy--and never shows in the clear type ascii, and has high ascii as well! I dump all the cache, from all browsers and everything, and only a VM, ssh or Keyboard access's IPCop, I ain't saying you can't figure it out but good luck. Each static IP has rules to stop you as well, but we'll assume you control a workstation. No iframes allowed. No SMB, IPX or any of tha nonsense. I read logs and make mod sec rules based on what I see over time.

  3. Dodgy Dave
    Gates Horns

    Missed a trick with Vista.

    Sounds to me like they've found a bug where, when you play the media file or whatever, the app changes the current directory to point at a network share before executing the media player .exe.

    If so, it truly is an ancient vulnerability in the design of Windows, namely that the current directory is searched for named DLLs before fixed paths. This being a design flaw, it's hard to fix in the OS without breaking compatibility with lots of programs which rely on.

    Which is why it should have been fixed in Vista, where nobody would notice...

    1. Tom 13

      But, but, but...

      That's what THEY TOLD ME they were doing with Vista! However could they have lied to me?!

      /end sarcasm

    2. viet 1

      That's my understanding too...

      What's more worrying is I learnt on my 1st month dealing with unix many moons ago that including '.' or '~' in $PATH was DUMB for obvious reasons a 5 year old can understand. And I'm not even working in IT, just a hobbyist.

      How on earth could so-called IT 'professionals' let this one slip out ? Worse, how did it managed to be green lighted after supposedly careful reviews of windows security model announced with fanfare by B. Gates himself 10 years ago ? It's just plain stupid.

  4. Tom Chiverton 1

    WSUS won't save you now

    And this is why Windows needs a proper distributed repository-based way of installing applications, rather than every app shipping with it's own copy of the library (dll).

  5. Al fazed

    F*CKED ?

    Has anyone bothered to point this sort of stuff out to Martha Lane Fox on the Direct.Gov Review ?


  6. snowdude

    SafeDllSearchMode anyone?

    The majority of this issue was addressed with XP and sp2 with a setting called SafeDllSearchMode (which is enabled by default).

    With SafeDllSearchMode Windows only looks for a DLL in the current directory AFTER it has searched the app folder and system folders but, and this could a problem, before it searches the PATH.

    Therefore if an app tries loading a DLL that it simply expects to be in the path but there is a DLL of the same name in the current directory you could be in for a world of pain. Not quite sure why any app would need to load a DLL from the current directory and therefore why it wasn't removed when SafeDllSearchMode was added.

    Check your apps!

  7. dssf

    220 Apps and counting?

    How does one find the list of affected apps? How does one find the list of ALL affecte but now patched apps?

    If this were an open source O/S issue, we might immediately read of the link to apps we need to beef up or stop using.

    1. Robert Forsyth

      Re: 220 Apps and counting?

      Any application that loads documents and components / plug-ins / filters / etc.

This topic is closed for new posts.