Jump to content
Sign in to follow this  
ZoNi

Unpatched hole in ImgBurn disk burning application

Recommended Posts

Unpatched hole in ImgBurn disk burning application

 

ImgBurn Logo According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user's system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an "insecure manner", which can then lead to the execution of arbitrary code.

 

The problem has been confirmed to affect version 2.5.4.0 of ImgBurn, the latest release from 12 December; however, previous versions are also likely to be vulnerable. For an attack to be successful, a victim must first open a specially crafted file. As such, users are advised to avoid opening untrusted files.

 

http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html

 

http://secunia.com/advisories/42798

 

@ Lighting UK: is this really that bad as it sounds?

Share this post


Link to post
Share on other sites

It's due to the design of Windows when loading files (via 'LoadLibrary'). It'll attempt to load from the exe directory, current directory, system directory, windows directory and various places as per the 'PATH' environment variable... so if a fake/infected dwmapi.dll file was placed in one of those folders (remember that the ImgBurn folder is in 'Program Files' and that's locked down, and being a regular file, it'll need to have gotten past any AV on the system), when ImgBurn issues the 'LoadLibrary' command on said DLL file, it could load the fake/infected one rather than the real one in windows\system32.

 

ImgBurn wouldn't normally be running as admin so it has no permission to do anything drastic anyway.

 

So is it something I'm worried about... no, not really.

 

ImgBurn is one of thousands of apps that have this 'vulnerability'.

Share this post


Link to post
Share on other sites
Sign in to follow this  

×

Important Information

By using this site, you agree to our Terms of Use.