Author Topic: Will DLL vulnerability be fixed in next build?  (Read 4509 times)

0 Members and 1 Guest are viewing this topic.

Tgell

  • Guest
Will DLL vulnerability be fixed in next build?
« on: August 27, 2010, 04:40:05 AM »
Quote
Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location.

Vendor                            Status                Date Updated

Avast! Antivirus Software   Affected                2010-08-26

Avast along with a few others are affected.

http://www.kb.cert.org/vuls/id/707943

Gargamel360

  • Guest
Re: Will DLL vulnerability be fixed in next build?
« Reply #1 on: August 27, 2010, 04:59:17 AM »
The new pre-release is supposed to cover that.

If you are worried about it and want it now, rather than waiting for the official release, choose your flavor from the links at the start of this thread>>http://forum.avast.com/index.php?topic=63151.0

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87075
  • No support PMs thanks
Re: Will DLL vulnerability be fixed in next build?
« Reply #2 on: August 27, 2010, 05:02:50 AM »
By all accounts it is already fixed in the current pre-release build 5.0.661, check out this topic I believe there is some reference there, http://forum.avast.com/index.php?topic=63151.0.

Whilst there are lots of pages in the topic, I think it is towards the last few where it is mentioned.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Tgell

  • Guest
Re: Will DLL vulnerability be fixed in next build?
« Reply #3 on: August 27, 2010, 05:08:42 AM »
Thanks DavidR and Gargamel360.

I guess I should have investigated a little further. I noticed that there was a security fix in the latest pre-release that was related to license files which I now know is the DLL vulnerability.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11660
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Will DLL vulnerability be fixed in next build?
« Reply #4 on: August 27, 2010, 08:42:47 AM »
Just to add, you don't have to be concerned about this issue too much...
For a potential attacker, it would be a very impractical way to exploit the system.

And I have to add that the bug is actually in the Microsoft runtime libraries (that avast, as well as any other application compiled in Visual C++ using MFC, uses).
If at first you don't succeed, then skydiving's not for you.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Will DLL vulnerability be fixed in next build?
« Reply #5 on: August 27, 2010, 01:42:30 PM »
Vlk,
Could you please clarify:  "For a potential attacker, it would be a very impractical way to exploit the system" ----
does this refer specifically to the license vulnerability in avast?...
or to the library vulnerability, in general??
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Hermite15

  • Guest
Re: Will DLL vulnerability be fixed in next build?
« Reply #6 on: August 27, 2010, 02:05:36 PM »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11660
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Will DLL vulnerability be fixed in next build?
« Reply #7 on: August 27, 2010, 02:09:58 PM »
Could you please clarify:  "For a potential attacker, it would be a very impractical way to exploit the system" ----
does this refer specifically to the license vulnerability in avast?...
or to the library vulnerability, in general??

I was referring to avast. The reason is that not many people are really interested in opening .avastlic files.

The DLL planing vulnerability (in general) is a different story. Yes, it's a problem.

If at first you don't succeed, then skydiving's not for you.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Will DLL vulnerability be fixed in next build?
« Reply #8 on: August 27, 2010, 02:11:30 PM »
thank you for your prompt, and succinct, clarification.
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline davews

  • Jr. Member
  • **
  • Posts: 67
Re: Will DLL vulnerability be fixed in next build?
« Reply #9 on: August 28, 2010, 08:57:27 AM »
I suspect to make use of this exploit the bad guy would have to craft a Phishing email saying for instance 'You antivirus has expired, please click this link to renew'. The link to the .avastlic file would have to be in a form that would be opened by SMB - normal web links won't work - and in that remote folder would be the bogus .dll.
Since the patched version is about to be released, and in any case the rogue .dll would certainly be added to the Avast definitions pretty quickly, I don't think many bad guys are going to go to the trouble.

Personally I think some parts of the security industry have gone way over the top with this one.

Aethec

  • Guest
Re: Will DLL vulnerability be fixed in next build?
« Reply #10 on: August 28, 2010, 10:38:37 AM »
Personally I think some parts of the security industry have gone way over the top with this one.

Indeed. If I understand that vulnerability correctly, it requires opening a file from an untrusted source, and having enough privileges for the exploit to run.
People doing that would have done the same thing with any other phishing things (e.g. "Please change your Facebook password" with an exe requiring admin privileges attached) anyway.