Tuesday, January 4, 2011

ImgBurn 2.4.0.0 DLL hijack vulnerability

I have found a vulnerability in ImgBurn that could allow a remote attacker to execute arbitrary code on the system. The application does not specify the fully qualified path to a dynamic-link library (dwmapi.dll) when running on Microsoft Windows. By persuading a victim to open a specially crafted file from a WebDAV or SMB share using a vulnerable application, a remote attacker could exploit this vulnerability via a specially crafted library to execute arbitrary code on the system.
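A detection-side view of the issue, as an added example that is not part of the original post: the script flags module loads where dwmapi.dll comes from anywhere other than the Windows system directories, or where any module is loaded from a UNC (SMB or WebDAV) path. The record keys follow Sysmon Event ID 7 (image load) field names; the ImgBurn install path, share name, user folder and the C:\Windows location are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: Windows is installed at C:\Windows on the monitored hosts.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# DLL names expected to load only from the system directories.
WATCHED_DLLS = {"dwmapi.dll"}


def classify_load(image_loaded):
    """Return a reason string if the module load looks like a hijack, else None."""
    path = ntpath.normcase(image_loaded)  # lowercase, backslashes only
    name = ntpath.basename(path)
    folder = ntpath.dirname(path)
    if path.startswith("\\\\"):
        # Module pulled from an SMB or WebDAV share (UNC path).
        return "loaded from network share"
    if name in WATCHED_DLLS and folder not in SYSTEM_DIRS:
        return "system DLL name outside system directory"
    return None


def find_suspicious_loads(events):
    """events: dicts with 'Image' and 'ImageLoaded' keys (Sysmon Event ID 7 names)."""
    hits = []
    for ev in events:
        reason = classify_load(ev["ImageLoaded"])
        if reason:
            hits.append((ev["Image"], ev["ImageLoaded"], reason))
    return hits


# Constructed sample records, not captured from a real system.
IMGBURN = r"C:\Program Files\ImgBurn\ImgBurn.exe"  # assumed install path
SAMPLE_EVENTS = [
    {"Image": IMGBURN, "ImageLoaded": r"C:\Windows\System32\dwmapi.dll"},
    {"Image": IMGBURN, "ImageLoaded": r"\\fileserver.example\share\images\dwmapi.dll"},
    {"Image": IMGBURN, "ImageLoaded": r"C:\Users\alice\Downloads\dwmapi.dll"},
    {"Image": IMGBURN, "ImageLoaded": r"C:\Windows\SysWOW64\kernel32.dll"},
]

if __name__ == "__main__":
    for image, loaded, reason in find_suspicious_loads(SAMPLE_EVENTS):
        print(f"{image} -> {loaded}: {reason}")
```
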







IN THE NEWS:

http://www.governmentsecurity.org/latest-security-news/critical-vulnerability-in-imgburn.html
http://www.livehacking.com/2011/01/05/unpatched-hole-in-imgburn-disk-burning-application/
http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html
http://forums.cnet.com/7723-6132_102-512542.html
http://www.net-security.org/secworld.php?id=10397
http://www.esecurityplanet.com/headlines/article.php/3919281/Security-Vulnerability-Found-in-ImgBurn.htm
http://www.naked-security.com/nsa/185411.htm
http://www.zerodaylab.com/vulnerabilities/CVE-2011/CVE-2011-0403.html



