ZoNi, posted January 4, 2011:

Unpatched hole in ImgBurn disk burning application

According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user's system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an "insecure manner", which can then lead to the execution of arbitrary code.

The problem has been confirmed to affect version 2.5.4.0 of ImgBurn, the latest release from 12 December; however, previous versions are also likely to be vulnerable. For an attack to be successful, a victim must first open a specially crafted file. As such, users are advised to avoid opening untrusted files.

http://www.h-online.com/security/news/item/Unpatched-hole-in-ImgBurn-disk-burning-application-1163003.html
http://secunia.com/advisories/42798

@ Lightning UK: is this really as bad as it sounds?

LIGHTNING UK!, posted January 4, 2011:

It's due to the design of Windows when loading files (via 'LoadLibrary').

It'll attempt to load from the exe directory, current directory, system directory, windows directory and various places as per the 'PATH' environment variable... so if a fake/infected dwmapi.dll file was placed in one of those folders (remember that the ImgBurn folder is in 'Program Files' and that's locked down, and being a regular file, it'll need to have gotten past any AV on the system), when ImgBurn issues the 'LoadLibrary' command on said DLL file, it could load the fake/infected one rather than the real one in windows\system32.

ImgBurn wouldn't normally be running as admin so it has no permission to do anything drastic anyway.

So is it something I'm worried about... no, not really.

ImgBurn is one of thousands of apps that have this 'vulnerability'.

LIGHTNING UK!, posted January 4, 2011:

It's all detailed here: https://www.microsoft.com/technet/security/advisory/2269637.mspx
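
Added example, not part of the thread and not ImgBurn's code: a small model of the search order described in the reply above, run against a constructed folder tree to show which copy of dwmapi.dll a bare-name load would pick up. The function names and folder layout are hypothetical; safe_mode models Windows' SafeDllSearchMode setting, which moves the current directory below the system directories.

```python
import os
import tempfile

def search_order(app_dir, cwd, system_dir, windows_dir, path_dirs, safe_mode=True):
    """Directories tried for a bare DLL name, in the standard order.
    The 16-bit system directory and KnownDLLs are left out of this model."""
    if safe_mode:   # SafeDllSearchMode on: current directory drops below the system dirs
        order = [app_dir, system_dir, windows_dir, cwd]
    else:           # legacy order, as listed in the reply above
        order = [app_dir, cwd, system_dir, windows_dir]
    return order + list(path_dirs)

def resolve(dll_name, order):
    """First directory in the order that holds dll_name (case-insensitive), or None."""
    wanted = dll_name.lower()
    for d in order:
        if os.path.isdir(d) and wanted in (n.lower() for n in os.listdir(d)):
            return d
    return None

def audit(dll_name, app_dir, cwd, system_dir, windows_dir, path_dirs, safe_mode=True):
    """Return (winning_dir, trusted); trusted only when the system directory wins."""
    order = search_order(app_dir, cwd, system_dir, windows_dir, path_dirs, safe_mode)
    hit = resolve(dll_name, order)
    return hit, hit == system_dir

def build_tree(root, system_has_dll):
    """Constructed layout: app folder, system folders, and the folder of an opened file."""
    dirs = {k: os.path.join(root, k) for k in ("app", "system32", "windows", "downloads")}
    for d in dirs.values():
        os.makedirs(d)
    # Stray copy sitting next to the opened file (constructed sample, empty file).
    open(os.path.join(dirs["downloads"], "dwmapi.dll"), "w").close()
    if system_has_dll:
        open(os.path.join(dirs["system32"], "dwmapi.dll"), "w").close()
    return dirs

def run_case(system_has_dll, safe_mode):
    """Current directory is the opened file's folder; returns (winning folder name, trusted)."""
    with tempfile.TemporaryDirectory() as root:
        d = build_tree(root, system_has_dll)
        hit, trusted = audit("dwmapi.dll", d["app"], d["downloads"],
                             d["system32"], d["windows"], [], safe_mode)
        return os.path.basename(hit), trusted

if __name__ == "__main__":
    for has_dll in (True, False):
        for safe in (True, False):
            print(f"system copy={has_dll!s:5} safe_mode={safe!s:5} ->", run_case(has_dll, safe))
```

The system copy wins only when it exists and the current directory is searched after the system directories; loading by full path removes the dependence on this order.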

ZoNi, posted January 4, 2011:

I thought so, just wanted to be sure

LIGHTNING UK!, posted January 4, 2011:

FYI, the next version should be ok (or at least better!).

LIGHTNING UK!, posted January 13, 2011:

v2.5.5.0 is out now and should fix the vulnerability.