New
#1
Windows DLL bug hits dozens of apps
Read More:A flaw in the way Windows handles DLL (dynamic-link library) and related files likely affects hundreds of applications and has already been used in malicious attacks in the wild, a security researcher said on Tuesday.
Microsoft acknowledged in an advisory on Monday a type of attack mechanism known as DLL preloading, or binary planting and said that while it is not new it does have a new remote-attack vector. Malicious code can now be planted on a network share instead of just on a local system, making it much easier to attack vulnerable systems by duping people into clicking on malicious Web links or opening malicious documents.
Now, the Exploit-db.com exploit database is getting flooded with submissions of applications that people say are vulnerable, including Windows Live Mail, Windows Movie Maker, Microsoft PowerPoint 2010, Office 2007, and non-Microsoft applications like Firefox 3.6.8, Foxit Reader, Wireshark and uTorrent, said Mati Aharoni, founder of security firm Offensive Security, which runs the exploit database.
Windows DLL bug hits dozens of apps | Security - CNET News