MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution

high Nessus Plugin ID 48762

Synopsis

The remote Windows host may be vulnerable to code execution attacks.

Description

The remote host is missing Microsoft KB2264107 or an associated registry change, which provides a mechanism for mitigating binary planting or DLL preloading attacks.

Insecurely implemented applications look in their current working directory when resolving DLL dependencies. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded.

A remote attacker could exploit this issue by tricking a user into accessing a vulnerable application via a network share or WebDAV folder where a malicious DLL resides, resulting in arbitrary code execution.

Solution

Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.

Please note this update provides a method of mitigating a class of vulnerabilities rather than fixing any specific vulnerabilities.
Additionally, these patches must be used in conjunction with the 'CWDIllegalInDllSearch' registry setting to have any effect. These protections could be applied in a way that breaks functionality in existing applications. Refer to the Microsoft advisory for more information.
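The following read-only PowerShell audit is an added example, not the plugin's own code. It reports whether 'CWDIllegalInDllSearch' is set system-wide or per application. The registry paths and value meanings are assumptions taken from Microsoft KB2264107 (linked under See Also), not from this page, and the script does not verify that the update itself is installed.

```powershell
# Added example: report the CWDIllegalInDllSearch mitigation state (read-only).
# Paths and value meanings follow Microsoft KB2264107; they are not stated on this page.
$ValueName = 'CWDIllegalInDllSearch'
$SystemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdSearchMeaning {
    param($Value)
    if ($null -eq $Value) { return 'not set: default search order, CWD is still searched' }
    # A DWORD of 0xFFFFFFFF can surface as Int32 -1; normalise to an unsigned 32-bit range.
    $u = [int64]$Value -band 4294967295
    switch ($u) {
        4294967295 { 'CWD removed from the default DLL search order' }
        0          { 'default search order (no mitigation)' }
        1          { 'DLL load from CWD blocked when CWD is a WebDAV folder' }
        2          { 'DLL load from CWD blocked when CWD is a remote (WebDAV or UNC) folder' }
        default    { "unrecognised value $u" }
    }
}

# System-wide setting: applies to every process without a per-application override.
$prop   = Get-ItemProperty -LiteralPath $SystemKey -Name $ValueName -ErrorAction SilentlyContinue
$sysVal = if ($prop) { $prop.$ValueName } else { $null }
$report = @([pscustomobject]@{
    Scope   = 'System-wide'
    Value   = $sysVal
    Meaning = Get-CwdSearchMeaning $sysVal
})

# Per-application overrides live under Image File Execution Options\<binary name>.
# An override of 0 re-enables the default search order for that binary, so list them all.
Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $v = $_.GetValue($ValueName)   # returns $null when the value is absent
    if ($null -ne $v) {
        $report += [pscustomobject]@{
            Scope   = "Per-application: $($_.PSChildName)"
            Value   = $v
            Meaning = Get-CwdSearchMeaning $v
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A host where the system-wide row reads "not set" or 0 and no per-application rows appear has the registry half of the mitigation missing, which matches the condition this plugin reports.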

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2269637

http://www.nessus.org/u?7f185eaa

https://support.microsoft.com/en-us/help/2264107/a-new-cwdillegalindllsearch-registry-entry-is-available-to-control-the

Plugin Details

Severity: High

ID: 48762

File Name: smb_kb2269637.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 8/26/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Patch Publication Date: 8/24/2010

Vulnerability Publication Date: 8/18/2010

Reference Information

MSKB: 2269637