I have found a vulnerability in ImgBurn that could allow a remote attacker to execute arbitrary code on the system. The application does not directly specify the fully qualified path to a dynamic-link library (dwmapi.dll) when running on Microsoft Windows. By persuading a victim to open a specially-crafted file from a WebDAV or SMB share using a vulnerable application, a remote attacker could exploit this vulnerability via a specially-crafted library to execute arbitrary code on the system.
IN THE NEWS:
http://www.governmentsecurity.org/latest-security-news/critical-vulnerability-in-imgburn.html
http://www.livehacking.com/2011/01/05/unpatched-hole-in-imgburn-disk-burning-application/
http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html
http://forums.cnet.com/7723-6132_102-512542.html
http://www.net-security.org/secworld.php?id=10397
http://www.esecurityplanet.com/headlines/article.php/3919281/Security-Vulnerability-Found-in-ImgBurn.htm
http://www.naked-security.com/nsa/185411.htm
http://www.zerodaylab.com/vulnerabilities/CVE-2011/CVE-2011-0403.html
- CVE ID: CVE-2011-0403 (see also: NVD)
- Secunia Advisory ID: 42798
- Bugtraq ID: 45657
- ISS X-Force ID: 64478
- OSVDB: 70273
- Packet Storm: 97207
- SecurityReason: WLB-2011010025
- SecurityLab: 404029
- Hong Kong Computer Emergency Response Team: 11010502
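A defender can look for the condition described above, dwmapi.dll being resolved from somewhere other than the Windows system directory, in module-load telemetry. The following is an added example, not code from ImgBurn or from the original post. It assumes records shaped like Sysmon image-load events (Event ID 7, fields `Image` and `ImageLoaded`) and a default `C:\Windows` system root, and it goes slightly beyond the advisory by also flagging local non-system directories.

```python
import ntpath

# DLL names expected to load only from the Windows system directories.
# dwmapi.dll is the library named in this advisory; extend the set as needed.
SYSTEM_ONLY_DLLS = {"dwmapi.dll"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}  # assumed system root


def classify_load(image_loaded):
    """Return 'ok', 'local-plant' or 'remote-plant' for one loaded-module path."""
    path = image_loaded.replace("/", "\\").lower()
    directory, name = ntpath.split(path)
    if name not in SYSTEM_ONLY_DLLS:
        return "ok"
    if path.startswith("\\\\"):
        # UNC path: SMB share, or WebDAV via the redirector (\\host@SSL\DavWWWRoot\...)
        return "remote-plant"
    if directory.rstrip("\\") in TRUSTED_DIRS:
        return "ok"
    return "local-plant"


def suspicious_loads(events):
    """Return (process image, loaded path, verdict) for every non-'ok' event."""
    out = []
    for ev in events:
        verdict = classify_load(ev["ImageLoaded"])
        if verdict != "ok":
            out.append((ev["Image"], ev["ImageLoaded"], verdict))
    return out


# Constructed sample records (hostnames and paths are made up for the example).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ImgBurn\ImgBurn.exe",
     "ImageLoaded": r"C:\Windows\System32\dwmapi.dll"},
    {"Image": r"C:\Program Files\ImgBurn\ImgBurn.exe",
     "ImageLoaded": r"\\fileserver.example\share\images\dwmapi.dll"},
    {"Image": r"C:\Program Files\ImgBurn\ImgBurn.exe",
     "ImageLoaded": r"\\dav.example@SSL\DavWWWRoot\iso\dwmapi.dll"},
    {"Image": r"C:\Program Files\ImgBurn\ImgBurn.exe",
     "ImageLoaded": r"D:\Downloads\dwmapi.dll"},
    {"Image": r"C:\Program Files\ImgBurn\ImgBurn.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for image, loaded, verdict in suspicious_loads(SAMPLE_EVENTS):
        print(f"{verdict:13} {image} <- {loaded}")
```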