
Unpatched hole in ImgBurn disk burning application



Posted

Unpatched hole in ImgBurn disk burning application

 

According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user's system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an "insecure manner", which can then lead to the execution of arbitrary code.

 

The problem has been confirmed to affect version 2.5.4.0 of ImgBurn, the latest release from 12 December; however, previous versions are also likely to be vulnerable. For an attack to be successful, a victim must first open a specially crafted file. As such, users are advised to avoid opening untrusted files.

 

http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html

 

http://secunia.com/advisories/42798

 

@ Lighting UK: is this really as bad as it sounds?

Posted

It's due to the design of Windows when loading files (via 'LoadLibrary'). It'll attempt to load from the exe directory, current directory, system directory, windows directory and various places as per the 'PATH' environment variable... so if a fake/infected dwmapi.dll file was placed in one of those folders (remember that the ImgBurn folder is in 'Program Files' and that's locked down, and being a regular file, it'll need to have gotten past any AV on the system), when ImgBurn issues the 'LoadLibrary' command on said DLL file, it could load the fake/infected one rather than the real one in windows\system32.

 

ImgBurn wouldn't normally be running as admin so it has no permission to do anything drastic anyway.

 

So is it something I'm worried about... no, not really.

 

ImgBurn is one of thousands of apps that have this 'vulnerability'.
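
The search order described in the reply above, modelled as an added example that is not part of the original thread: a resolver that reports which directory satisfies a DLL name and flags loads that come from outside the admin-controlled directories. It goes slightly beyond the post by also modelling the order Windows uses when SafeDllSearchMode is enabled, where the current directory is searched after the Windows directory. The role names, the `TRUSTED` set and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Directory roles in the order the post lists them (role names are hypothetical labels).
POST_ORDER = ["exe_dir", "current_dir", "system_dir", "windows_dir", "path"]
# Order with SafeDllSearchMode enabled: current directory moves after the Windows directory.
SAFE_ORDER = ["exe_dir", "system_dir", "windows_dir", "current_dir", "path"]
TRUSTED = {"exe_dir", "system_dir", "windows_dir"}  # assumed writable by admins only


def resolve(dll_name, dirs, order):
    """Return (role, full_path) of the first directory in `order` holding dll_name, else None."""
    wanted = dll_name.lower()
    for role in order:
        entries = dirs[role] if role == "path" else [dirs[role]]
        for d in entries:
            for entry in os.listdir(d):
                if entry.lower() == wanted:  # Windows file names are case-insensitive
                    return role, os.path.join(d, entry)
    return None


def audit(dll_name, dirs, order):
    """Classify a load as 'trusted', 'untrusted' (user-writable location) or 'missing'."""
    hit = resolve(dll_name, dirs, order)
    if hit is None:
        return "missing"
    return "trusted" if hit[0] in TRUSTED else "untrusted"


def build_sample(root, in_system):
    """Constructed layout: a dwmapi.dll in the current directory, optionally also in system_dir."""
    dirs = {r: os.path.join(root, r) for r in POST_ORDER[:-1]}
    dirs["path"] = [os.path.join(root, "path0")]
    for d in list(dirs.values())[:-1] + dirs["path"]:
        os.makedirs(d, exist_ok=True)
    open(os.path.join(dirs["current_dir"], "DWMAPI.DLL"), "wb").close()
    if in_system:
        open(os.path.join(dirs["system_dir"], "dwmapi.dll"), "wb").close()
    return dirs


if __name__ == "__main__":
    for in_system in (True, False):
        with tempfile.TemporaryDirectory() as root:
            dirs = build_sample(root, in_system)
            for name, order in (("post order", POST_ORDER), ("safe order", SAFE_ORDER)):
                print(in_system, name, audit("dwmapi.dll", dirs, order))
```

When the DLL is absent from the system directory, both orders fall through to the current directory, so reordering alone does not make the load trusted.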
