MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host may be vulnerable to code execution attacks.

Description :

The remote host is missing Microsoft KB2264107 or an associated
registry change, which provides a mechanism for mitigating binary
planting or DLL preloading attacks.

Insecurely implemented applications look in their current working
directory when resolving DLL dependencies. If a malicious DLL with the
same name as a required DLL is located in the application's current
working directory, the malicious DLL will be loaded.

A remote attacker could exploit this issue by tricking a user into
accessing a vulnerable application via a network share or WebDAV
folder where a malicious DLL resides, resulting in arbitrary code
execution.

See also :

http://technet.microsoft.com/en-us/security/advisory/2269637
http://www.nessus.org/u?960d4ef0
http://support.microsoft.com/kb/2264107

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2.

Please note this update provides a method of mitigating a class of
vulnerabilities rather than fixing any specific vulnerabilities.
Additionally, these patches must be used in conjunction with the
'CWDIllegalInDllSearch' registry setting to have any effect. These
protections could be applied in a way that breaks functionality in
existing applications. Refer to the Microsoft advisory for more
information.
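
The following PowerShell audit is an added example, not part of the Nessus plugin or of Microsoft's tooling. It reports the system-wide 'CWDIllegalInDllSearch' value and any per-application overrides. The registry key paths and the meaning of each value are assumptions taken from Microsoft KB2264107; this page does not state them.

```powershell
# Added example: audit the CWDIllegalInDllSearch mitigation on the local host.
# Key paths and value meanings are assumptions taken from Microsoft KB2264107.
$ValueName = 'CWDIllegalInDllSearch'
$SystemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdDllSearchState {
    param([Parameter(Mandatory = $true)][string]$KeyPath)
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $hex = $null
        $meaning = 'not set: CWD stays in the DLL search path'
    } else {
        # Format as hex so 0xFFFFFFFF matches whether it is returned signed (-1) or unsigned.
        $hex = '{0:X8}' -f $item.$ValueName
        $meaning = switch ($hex) {
            '00000000' { 'default search path, no mitigation' }
            '00000001' { 'blocks DLL loads from CWD when CWD is a WebDAV folder' }
            '00000002' { 'blocks DLL loads from CWD when CWD is remote (WebDAV or UNC)' }
            'FFFFFFFF' { 'CWD removed from the DLL search order' }
            default    { 'undocumented value, review manually' }
        }
    }
    New-Object PSObject -Property @{ Key = $KeyPath; Value = $hex; Meaning = $meaning } |
        Select-Object Key, Value, Meaning
}

# System-wide setting first, then any per-application overrides that are present.
$results = @(Get-CwdDllSearchState -KeyPath $SystemKey)
Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $state = Get-CwdDllSearchState -KeyPath $_.PSPath
    if ($null -ne $state.Value) { $results += $state }
}
$results | Format-List

# The setting only takes effect with the update installed. Get-HotFix lists only
# separately installed updates, so a missing entry is not conclusive on its own.
if (Get-HotFix -Id 'KB2264107' -ErrorAction SilentlyContinue) {
    'KB2264107: listed as installed'
} else {
    'KB2264107: not listed, confirm patch level another way'
}
```

A per-application value of 0 restores the default search path for that binary even when the system-wide value is stricter, so review any override the script reports.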

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 48762

Bugtraq ID:

CVE ID:
