Announcement

Collapse
No announcement yet.

DVDFab Insecure Library Loading Vulnerability

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    DVDFab Insecure Library Loading Vulnerability

    May I ask if this also will get fixed next time around on the next update?
    Or DEP and ASLR (standard Windows protection add-ins)

    Full details below of the exploit are below..

    Regards,

    C.


    Secunia Advisory SA41228
    DVDFab Insecure Library Loading Vulnerability
    Secunia Advisory SA41228
    Get alerted and manage the vulnerability life cycle
    Free Trial

    Release Date 2010-09-01

    Popularity 442 views
    Comments 0 comments

    Criticality level Highly criticalHighly critical
    Impact System access
    Where From remote
    Authentication level Available in Customer Area

    Report reliability Available in Customer Area
    Solution Status Unpatched

    Systems affected Available in Customer Area
    Approve distribution Available in Customer Area

    Software:
    DVDFab 7.x
    DVDFab 8.x

    Secunia CVSS Score Available in Customer Area
    CVE Reference(s) No CVE references.



    Description
    A vulnerability has been discovered in DVDFab, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is caused due to the application bundling a vulnerable version of mfc90.dll, which loads libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a dvdfab6 file located on a remote WebDAV or SMB share.

    Successful exploitation allows execution of arbitrary code.

    The vulnerability is reported in version 7.0.4.0 and confirmed in version 8.0.0.5. Other versions may also be affected.

    Solution
    Do not open untrusted files.

    Provided and/or discovered by
    Reported by an unknown person.

    Original Advisory
    http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
    Tags: None
    #2
    Thank you Captain, for going to the trouble of registering to share this with us. The developers will decide if it is a real problem and take the appropriate steps if any. Since DVDFab is used almost exclusively for opening local files and commercially pressed discs, I wonder if it is really as "Critical" as the report suggests. Anyone opening unknown or suspicious files (e.g. with DVDFab Video Converter) without scanning them first for viruses/malware may be the authors of their own misfortune.

    The source of the report must also be considered:
    Reported by an unknown person.
    Supplying DVDFab Logs in the Forum ...........................User Manual PDF for DVDFab v11................................ Guide: Using Images in Posts
    Supplying DMS Logs to Developers................................Enlarger AI FAQ.....

    Comment

      #3
      Originally posted by signals View Post
      Thank you Captain, for going to the trouble of registering to share this with us. The developers will decide if it is a real problem and take the appropriate steps if any. Since DVDFab is used almost exclusively for opening local files and commercially pressed discs, I wonder if it is really as "Critical" as the report suggests. Anyone opening unknown or suspicious files (e.g. with DVDFab Video Converter) without scanning them first for viruses/malware may be the authors of their own misfortune.

      The source of the report must also be considered:
      Frankly I hope the developers take the time to iron this thing out as it hooks into a exploit in several versions of Windows in it handling of DLL's.

      Furthermore I do believe Secunia does not take things lightly.

      Nor do I see any indication why DEP and ASLR are not deployed. From what I read these additional protection system have been around for some time now. I would have assumed this being used in your fine software I have been a fan of for many years.
      Keep in mind I still care enough to make a post about a tool I like to keep around.

      Note: if I have to remind users (on a daily bases) NOT to open links in emails I am somewhat concerned that they will open untrusted media without too much thinking. Besides I think Meta-ploy (a toolkit used by various people) is already creating tools to actively exploit vulnerabilities like these. Frankly most folks want things to work out-of-the-box without considering manual scanning items etc.


      Regards,

      C.
      Last edited by CaptainLeonidas; 09-07-2010, 07:21 AM.

      Comment

        #4
        Flash Player using LSO's as a spy system and www.dvdfab.com

        I saw this site uses LSO's. Care to clarify?

        Am I mistaken assuming regular cookies would not do the same job too?

        Recently I have started using Firefox with a plugin called BetterPrivacy. Browsing your main site (www.dvdfab.com) I noticed a LSO cookie is being created.

        After reading this link "http://www.h-online.com/security/new...m-1073161.html" I am wondering if this is needed indeed.

        Regards,

        C.

        Comment

          #5
          Two threads on same subject merged.

          Comment

          Previous template Next
          Working...
          X