
3 Apprentice • 15.3K Posts

August 25th, 2010 09:00

Numerous UNPATCHED Applications : Insecure Library Loading Vulnerability

I had already made two posts, each indicating that Firefox and Opera are subject to a highly critical "Insecure Library Loading Vulnerability".

Well, it now seems this particular vulnerability is VERY common/widespread, affecting MANY programs (see the partial list below). Moreover, word is that this vulnerability must be patched separately (i.e., each individual application), rather than there being a single "Windows" patch that can fix it once for everything.

Secunia is rating this vulnerability HIGHLY critical, except for Avast (where it is "LESS" critical):

Adobe Dreamweaver Insecure Library Loading Vulnerability - http://secunia.com/advisories/41110

Adobe Photoshop Insecure Library Loading Vulnerability - http://secunia.com/advisories/41060/

avast! Antivirus Insecure Library Loading Vulnerability [LESS critical] - http://secunia.com/advisories/41109


Mozilla Firefox Insecure Library Loading Vulnerability - http://secunia.com/advisories/41095/

Opera Insecure Library Loading Vulnerability - http://secunia.com/advisories/41083/

TeamViewer Insecure Library Loading Vulnerability - http://secunia.com/advisories/41112/

uTorrent Insecure Library Loading Vulnerability - http://secunia.com/advisories/41051/

VLC Media Player Insecure Library Loading Vulnerability - http://secunia.com/advisories/41107

Office PowerPoint Insecure Library Loading Vulnerability - http://secunia.com/advisories/41063/

Windows Address Book Insecure Library Loading Vulnerability - http://secunia.com/advisories/41050/

Windows Live Mail Insecure Library Loading Vulnerability - http://secunia.com/advisories/41098

Wireshark Insecure Library Loading Vulnerability - http://secunia.com/advisories/41064/

3 Apprentice • 15.3K Posts

August 25th, 2010 11:00

Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/2269637.mspx

"This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected".
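The mechanism behind the advisory's "insufficiently qualified path", as an added C model written for this thread (not Microsoft's or any vendor's code): a constructed file table stands in for the disk, `resolve_dll` is a hypothetical stand-in for the Windows loader's default search order, and the `cwd_searched` flag models the effect of `SetDllDirectory("")`, the call the MSDN Dynamic-Link Library Security guidance recommends for removing the current directory from that search.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed file system: the application ships no "optional.dll" of its
 * own, but the WebDAV share the user opened a document from does. */
static const char *const FILES[][2] = {
    {"C:\\Program Files\\App", "app.exe"},
    {"C:\\Program Files\\App", "core.dll"},
    {"C:\\Windows\\System32",  "kernel32.dll"},
    {"\\\\share\\docs",        "optional.dll"},
};
#define NFILES (sizeof FILES / sizeof FILES[0])

static bool file_exists(const char *dir, const char *name) {
    for (size_t i = 0; i < NFILES; i++)
        if (strcmp(FILES[i][0], dir) == 0 && strcmp(FILES[i][1], name) == 0)
            return true;
    return false;
}

static char resolved[256];   /* result buffer for resolve_dll() */

/* Model of the default SafeDllSearchMode order (application directory,
 * System32, Windows directory, current directory; PATH omitted).
 * cwd_searched == false models SetDllDirectory(""), which removes the
 * current directory from the order. Returns the path the loader would
 * pick, or NULL when nothing matches (a safe failure for an optional DLL). */
static const char *resolve_dll(const char *name, const char *cwd, bool cwd_searched) {
    const char *slash = strrchr(name, '\\');
    if (slash != NULL) {               /* fully qualified: no search at all */
        char dir[128];
        size_t n = (size_t)(slash - name);
        if (n >= sizeof dir) return NULL;
        memcpy(dir, name, n);
        dir[n] = '\0';
        if (!file_exists(dir, slash + 1)) return NULL;
        snprintf(resolved, sizeof resolved, "%s", name);
        return resolved;
    }
    const char *order[] = {"C:\\Program Files\\App", "C:\\Windows\\System32",
                           "C:\\Windows", cwd_searched ? cwd : NULL};
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++) {
        if (order[i] != NULL && file_exists(order[i], name)) {
            snprintf(resolved, sizeof resolved, "%s\\%s", order[i], name);
            return resolved;   /* an unqualified name can land on the share */
        }
    }
    return NULL;
}
```

With the current directory in the order, the unqualified `optional.dll` resolves to the copy on the share; with it removed, or with a fully qualified name, the loader never looks there.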

5.8K Posts

August 25th, 2010 15:00

From that same MS advisory is the following workaround: Disable the WebClient service

"Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround it is still possible for remote attackers who successfully exploit this vulnerability to cause Microsoft Office Outlook to run programs located on the targeted user's computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.

To disable the WebClient Service, follow these steps:

1. Click Start, click Run, type Services.msc and then click OK.
2. Right-click WebClient service and select Properties.
3. Change the Startup type to Disabled. If the service is running, click Stop.
4. Click OK and exit the management application.
 
Impact of workaround. When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the Web Client service will not start, and an error message will be logged in the System log. For example, WebDAV shares will be inaccessible from the client computer."

I disabled WebClient earlier this month in response to another vulnerability, with no adverse effects noticed.

3 Apprentice • 15.3K Posts

August 25th, 2010 18:00

1) Emphasize that the above suggestion is a "workaround" --- a temporary, partial blocking mechanism --- rather than an actual "fix". Of course, a "partial" fix is probably better than no fix at all.

2) The workaround above is just one of three suggested in the Microsoft advisory. I'm assuming Joe selected only this one because it is simpler to implement (and undo), and it would appear to have minimal (if any) negative consequences.

3) To better understand what this does, the WebClient service "enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available".

4) BlackViper.com, a website that considers configuring/tweaking Windows services in general, asserts that it's "safe" for (95%+ of) all XP/Vista users to disable the WebClient service "in general", resulting in "little or no side effects" [but for Win7 users, they suggest "manual" is safer (in general)]

XP:  http://www.blackviper.com/WinXP/servicecfg.htm

XPx64:  http://www.blackviper.com/WinXPx64/servicecfg.htm

Vista:  http://www.blackviper.com/WinVista/servicecfg.htm

Win7:  http://www.blackviper.com/Windows_7/servicecfg.htm

So this serves as an independent confirmation that it should be safe for XP/Vista (but not necessarily Win7) users to disable the WebClient Service.

5.8K Posts

August 25th, 2010 20:00

You are correct, sir. I do the simple & easily reversible workarounds only.

I am reminded of all the years I ignored MS security patches (not to mention 3rd party updates).

Granted, this was several years ago, but I still managed to avoid infection (I suspect, through safe surfing and common sense).

All these vulnerabilities, and dire warnings, I take with a grain of salt. I would be foolish to ignore them, but at the same time I worry about crippling my system by taking drastic measures.

3 Apprentice • 15.3K Posts

August 30th, 2010 05:00

The list of impacted programs continues to grow daily...

and while I don't intend to even try to list every one here, I will take a moment to call attention to

QuickTime PictureViewer Insecure Library Loading Vulnerability http://secunia.com/advisories/41123/

because 1) of QuickTime's widespread popularity,

and 2) it appears in Secunia's PSI as rendering all 3 of my (already insecure) browsers [even more] insecure.

5.8K Posts

August 31st, 2010 20:00

Windows Applications Insecure Library Loading

- The Official, Verified Secunia List

Number of products affected: 81
Number of vendors affected: 28
Number of Secunia Advisories issued: 52

 ... and counting.

See them all here:
http://secunia.com/advisories/windows_insecure_library_loading/

3 Apprentice • 15.3K Posts

September 7th, 2010 18:00

This vulnerability in Avast5 has been fixed with the release of version 5.0.677

3 Apprentice • 15.3K Posts

September 9th, 2010 10:00

This vulnerability in Opera has been fixed with the release of version 10.62

3 Apprentice • 15.3K Posts

September 9th, 2010 10:00

This particular vulnerability has been fixed in Firefox with the release of version 3.6.9 ---

however, this newer Firefox is still insecure by virtue of another vulnerability!

3 Apprentice • 15.3K Posts

September 16th, 2010 07:00

This vulnerability in QuickTime PictureViewer has been fixed with the release of version 7.6.8