ID: IRCNE2011051103
Date: 2011-05-09
Although Microsoft has patched multiple DLL load hijacking vulnerabilities since last summer, Windows and Internet Explorer 9 (IE9) can still be exploited, a security company warned.
According to Computer World, researchers from Acros will demonstrate the new attacks at the Hack in the Box security conference in Amsterdam later this month. "We'll reveal how IE8 and IE9 can be used on Windows 7, Vista and XP for attacking users without any security warnings, even in 'Protected mode,' and how to remotely make many seemingly-safe applications, for example, Word 2010 and PowerPoint 2010, vulnerable," said Acros CEO.
The attack class called "DLL load hijacking" by some, but dubbed "binary planting" by Acros.
Microsoft confirmed that it's investigating the claims by Acros Security.
Last year it became disclosed that many Windows applications don't call DLLs using a full path name, but instead use only the filename, giving hackers a way to trick an application into loading a malicious file with the same title as a required DLL. If attackers can dupe users into visiting malicious Web sites or remote shared folders, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack a PC and plant malware on it.
Since then, Microsoft has issued 13 DLL load hijacking-related updates, when it patched a pair in Office and Visual Studio as part of a massive 64-fix update.
At Hack in the Box, Kolsek intends to demonstrate exploits of DLL load hijacking bugs in Windows using malicious Word 2010 and PowerPoint 2010 documents, and against IE9. The IE9 attack works even on Windows 7, where the browser runs in a "sandbox" of sorts, an anti-exploit technology designed to block hackers from infecting a PC.
At one point last year, Microsoft said it patched all the DLL load hijacking bugs it knew about. At the time, however, the company left the door open to more. "We're not closing that [DLL load hijacking] advisory just yet, and will continue to investigate."
- 2