October 17, 2017
Ethical Hacking | Penetration Testing
Adobe Illustrator CS5 15.0.1, CS5 and CS4 are prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can use this vulnerability by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Users wishing to use Microsoft’s tool (released last week) to block the DLL vulnerability present in a wide range of programs may find that they have a problem. If the setting for the manually created CWDIllegalInDllSearch registry entry in the ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager’ path is too strict, programs including Google’s Chrome web browser may become unusable. Microsoft has now released a ‘fix-it’ solution which automatically generates the key and sets it to the less severe value of ‘2’ – this protects users from direct DLL hijacking from network shares. The fix-it requires the original tool to have been previously installed. Microsoft is currently considering distributing it via Windows Update.
Read the full article here.
Source:[TheHSecurity]
[ad code=2 align=center]
· Copyright 2009 - 2013 LiveHacking.Com · All Rights Reserved · Powered by ArtSec Group LLC·
· Information Security News, Ethical Hacking Training and Tutorials, Penetration Testing Tools and Techniques ·All trademarks and copyrights on this page are owned by their respective owners. Unless otherwise stated the contents of this website are licenced under Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0).