The list of applications known to be vulnerable to the Windows DLL-hijacking bug is growing by the hour, with some sites listing more than 30 vulnerable applications right now. A large portion of the known vulnerable apps belong to Microsoft, including PowerPoint 2010 and Microsoft Live Email.
One of the databases of applications known to be vulnerable to the DLL-hijacking flaw, being maintained by Corelan.be, a Belgian security site, lists 33 apps, including PowerPoint, Windows Vista, Google Chrome and Mozilla Firefox. The site also lists Opera, Microsoft Word, Adobe Dreamweaver and Photoshop and dozens of other applications. Vupen Security also is keeping a list of vulnerable applications.
As the DLL-hijacking story has continued to evolve, the scope of the problem has expanded rapidly. Microsoft on Monday acknowledged the DLL-hijacking problem, saying that the problem is a serious one and that the company is still investigating which applications are vulnerable. Within a few hours, word began filtering out about various applications that were known to be susceptible to the problem, with PowerPoint 2010 and Chrome being among the more popular ones that have been identified so far.
In the list of vulnerable applications on Corelan.be, 10 of them are Microsoft products.There have not been any public announcements of fixes for the vulnerability from any affected vendor.
Offensive Security also is maintaining a running repository of exploit code for vulnerable applications in its Exploit Database. That database right now contains exploit code for Windows 7, PowerPoint 2010, Visio, Firefox, Opera and Apple Safari.
Also on Wednesday, HD Moore of Rapid7 and the Metasploit Project released a new version of the audit kit he created to identify vulnerable applications on a local machine. The new version of DLLHijackAuditKit is meant to be much faster, Moore said.