BleepingComputer.com: Almost every Windows program has 0-day vulnerability


Almost every Windows program has 0-day vulnerability

#1 Romeo29

  • Learning To Bleep
  • Group: BC Advisor
  • Posts: 2,834
  • Joined: 06-July 08
  • Gender:Not Telling
  • Location:127.0.0.1

Posted 19 August 2010 - 10:16 PM

Quote

An unpatched problem with Windows applications is much worse than first thought, with hundreds of programs, not just 40, vulnerable to attack, a Slovenian security company said today.

"It was a shocking surprise," said Mitja Kolsek, CEO of Acros Security. "It appears that most every Windows application has this vulnerability."

"We examined a bunch of applications, more than 220 from about 100 leading software vendors, and found that most every one had the vulnerability," said Kolsek. Acros built a specialized tool to help its researchers pinpoint which applications were vulnerable.
http://www.computerworld.com/s/article/918...t?taxonomyId=17

UPDATE: Microsoft has released a Fix-It tool to address the problem. This Fix-It tool will work only after installing the update KB2264107.

This post has been edited by Romeo29: 04 September 2010 - 10:17 AM


#2 Romeo29

Posted 23 August 2010 - 01:48 PM

More details are now available for this vulnerability, which is now being called the "Remote Binary Plant" bug.

http://blogs.pcmag.com/securitywatch/2010/...emote_binar.php
http://www.theregister.co.uk/2010/08/20/wi...execution_vuln/

Researchers at ACROS Security, who discovered this bug in Windows, have started a blog to follow this issue: http://acrossecurity.blogspot.com/

Meanwhile, Microsoft has declined to release any patch for this vulnerability, saying that this is not a Windows problem but an application-specific problem.
http://www.computerworld.com/s/article/918...s?taxonomyId=17

This post has been edited by Romeo29: 23 August 2010 - 01:54 PM


#3 Romeo29

Posted 24 August 2010 - 02:23 PM

Microsoft has issued a tool to handle the "Remote Binary Plant" or "Remote DLL loading" bug. Though this bug is present in all versions of Windows, the tool is released only for XP, 2008, Vista and 7.

This tool is just a way to secure the system against a possible attack and is intended only for developers and administrators. This tool can be used to block a location from being used for loading DLLs. You can block a location for all applications or for particular applications only.

http://support.microsoft.com/kb/2264107

#4 Romeo29

Posted 25 August 2010 - 07:42 PM

Finally, attacks using this "Remote Binary Plant" bug are being seen in the wild. Attack codes for more than 40 Windows applications are public and being used. The applications include Firefox, Chrome, Safari, Opera, Microsoft's Word 2007, Adobe's Photoshop, Skype, uTorrent and others.

http://www.computerworld.com/s/article/918...or_40_plus_apps

#5 Layback Bear

  • Forum Addict
  • Group: Members
  • Posts: 1,844
  • Joined: 12-September 06
  • Gender:Male
  • Location:Northern Ohio

Posted 26 August 2010 - 06:53 AM

Thanks Romeo29 for the updates.

#6 chromebuster

  • Distinguished Member
  • Group: Members
  • Posts: 815
  • Joined: 06-May 10
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England

Posted 28 August 2010 - 12:04 AM

Oh wow. I think MS should have thought about this way back in 1995 when they thought up the Windows OS, don't you?

#7 Romeo29

Posted 28 August 2010 - 12:44 PM

The list of vulnerable applications is increasing every day. An independent researcher has listed about 85 applications: http://www.corelan.be:8800/index.php/2010/...nofficial-list/

uTorrent and VLC Player have become the first applications to update and patch against the "Remote binary plant" (also being called "Remote DLL Loading" or the "DLL Hijack") bug.

Metasploit has released a tool to scan and identify vulnerable applications on your system (only for advanced users).
EDIT: Link removed, as many anti-virus engines reported it as a trojan.

This post has been edited by Romeo29: 29 August 2010 - 08:37 PM


#8 Romeo29

Posted 02 September 2010 - 09:06 PM

ACROS Security released a list of SHA-256 hashes of the files vulnerable to this attack.
http://blog.acrossecurity.com/2010/08/rele...-of-binary.html

I have written a program which scans files on your system according to that list. You can download and scan your system for these files too (see the attachment).


This post has been edited by Romeo29: 02 September 2010 - 09:17 PM
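
The kind of hash-list scan described in posts #8 and #10, as an added example (this is not Romeo29's program, which is not shown on this page): it hashes every file under a folder, compares each digest against a list of SHA-256 values, and writes found.log only when something matches. The list format, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so large binaries are never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def load_hash_list(lines):
    """Assumed list format: '<64 hex chars> [label]' per line, '#' for comments."""
    known = {}
    for line in lines:
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[0].lower()
        if len(value) == 64 and all(c in "0123456789abcdef" for c in value):
            known[value] = parts[1] if len(parts) > 1 else ""
    return known

def scan(root, known, log_path):
    """Return (path, label) hits; create log_path only if there are hits."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if (digest := sha256_of(path)) in known:
                    hits.append((path, known[digest]))
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
    if hits:
        with open(log_path, "w", encoding="utf-8") as log:
            log.writelines(f"{path}\t{label}\n" for path, label in hits)
    return hits

def demo():  # constructed sample: two dummy files, one on a constructed list
    with tempfile.TemporaryDirectory() as tmp:
        root, log = os.path.join(tmp, "programs"), os.path.join(tmp, "found.log")
        os.makedirs(root)
        for name in ("listed.exe", "other.exe"):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(b"constructed sample: " + name.encode())
        listed = hashlib.sha256(b"constructed sample: listed.exe").hexdigest()
        known = load_hash_list(["# constructed list", listed.upper() + "  listed.exe"])
        return scan(root, known, log), os.path.exists(log)
```

A hit means the file is byte-identical to a listed vulnerable version, so the follow-up is updating that application; an updated or repacked binary has a different hash and will not match.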


#9 Martel

  • Bleeping Junior Member
  • Group: Malware Study Hall Junior
  • Posts: 1,233
  • Joined: 05-January 07
  • Gender:Male
  • Location:North Carolina U.S.A. Japanese spoken here

Posted 02 September 2010 - 09:25 PM

Romeo29, on Sep 2 2010, 10:06 PM, said:

I have written a program which scans files on your system according to that list. You can download and scan your system for these files too (see the attachment).


Can't get that .zip file

EDIT..o.k. I got it that time

How's this? No found.log

This post has been edited by Martel: 02 September 2010 - 09:59 PM


#10 Romeo29

Posted 02 September 2010 - 10:18 PM

Only if it finds anything will it generate found.log and open it up for you. If it does not find anything, then you will not see any log. Yes, dumb programming :thumbsup:

#11 Martel

Posted 02 September 2010 - 10:21 PM

I am glad ..

No news is good news.


Thanks