Exploit Code, List of Apps Vulnerable to DLL Hijacking Hit the Web

The list of applications known to be vulnerable to the Windows DLL-hijacking bug is growing by the hour, with some sites listing more than 30 vulnerable applications right now. A large portion of the known vulnerable apps belong to Microsoft, including PowerPoint 2010 and Microsoft Live Email.

One of the databases of applications known to be vulnerable to the DLL-hijacking flaw, being maintained by Corelan.be, a Belgian security site, lists 33 apps, including PowerPoint, Windows Vista, Google Chrome and Mozilla Firefox. The site also lists Opera, Microsoft Word, Adobe Dreamweaver and Photoshop and dozens of other applications. Vupen Security also is keeping a list of vulnerable applications.

As the DLL-hijacking story has continued to evolve, the scope of the problem has expanded rapidly. Microsoft on Monday acknowledged the DLL-hijacking problem, saying that the problem is a serious one and that the company is still investigating which applications are vulnerable. Within a few hours, word began filtering out about various applications that were known to be susceptible to the problem, with PowerPoint 2010 and Chrome being among the more popular ones that have been identified so far.

In the list of vulnerable applications on Corelan.be, 10 of them are Microsoft products. There have not been any public announcements of fixes for the vulnerability from any affected vendor.

Offensive Security also is maintaining a running repository of exploit code for vulnerable applications in its Exploit Database. That database right now contains exploit code for Windows 7, PowerPoint 2010, Visio, Firefox, Opera and Apple Safari.

Also on Wednesday, HD Moore of Rapid7 and the Metasploit Project released a new version of the audit kit he created to identify vulnerable applications on a local machine. The new version of DLLHijackAuditKit is meant to be much faster, Moore said.

Discussion

  • alex on

    Microsoft announced that it will not fix Windows for this security hole, but is considering a fix in a next SP (which means only Win7). Microsoft has told a researcher that it won't patch a problem that has left scores of Windows applications open to attack. According to a growing number of reports, crucial Windows functionality has been misused by countless developers, including Microsoft's, leaving a large number of Windows programs vulnerable to attack because of the way they load components. "For the two specific vulnerabilities that have been identified in this paper Microsoft has agreed to work with these vendors on behalf of the authors through the MSVR (Microsoft Vulnerability Research) program," Microsoft said. "As there are application compatibility concerns in changing the way 'Loadlibrary' and 'SetDllDirectory' work currently, Microsoft intends to address the underlying issue in a Service Pack or next version of Office products" http://www.computerworld.com/s/article/9181479/Microsoft_won_t_patch_critical_DLL_loading_bugs
