BugTraq
Rafe 7 Insecure Library Loading Vulnerability Oct 18 2010 10:55AM
apa-iutcert nsec ir
A vulnerability has been discovered in Rafe 7, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner.
Libraries list called is as follows:
? idapi32.dll
? idbat32.dll
? idr20009.dll
? idsql32.dll
? odbc32.dll
This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a HTML file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in Rafeh version 7 for Microsoft Windows XP Service Pack 3.
Other versions may also be affected.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus