40 Windows apps contain critical bug, says researcher

Devilpapaya

Member
Apr 11, 2010
146
0
0

Interesting that the article doesn't specify whether the exploits are Windows-related, or just bad coding in the programs.

Or whether it is specific to a certain version/SP/edition of Windows.

Or whether it is MS/large developer apps (well, besides iTunes) or random third-party apps.

They make one comment, "including in the windows shell", but don't elaborate any more than that.

Very vague and uninformative.
 

Modelworks

Lifer
Feb 22, 2007
16,240
7
76
Full explanation:
http://isc.sans.edu/diary.html?storyid=9445

It is basically when an application is programmed to search for the DLL to use rather than the program specifying where the DLL should be loaded from.

The default for a program without it being specified is:
1. The directory from which the application loaded.
2. The system directory. Use the GetSystemDirectory function to get the path of this directory.
3. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
4. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
5. The current directory.
6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key. The App Paths key is not used when computing the DLL search path.

MS has a quick fix that tries to patch the problem, but I can see their solution causing problems too.
http://support.microsoft.com/kb/2264107
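
The search order listed in the post above, modelled as an added example that is not part of the original thread or of any Microsoft code: it walks the six locations in order over a constructed directory tree and reports which one supplies a DLL requested by bare name. The function names, the file names and the `flagged` marker (locations outside the application and OS directories) are assumptions made for this illustration.

```python
import os
import tempfile

# Steps 1-6 as listed in the post. The "flagged" marker is this example's own
# assumption: it marks locations outside the application and OS directories.
def search_order(app_dir, system_dir, system16_dir, windows_dir, cwd, path_dirs):
    order = [
        (1, "application directory", app_dir, False),
        (2, "system directory", system_dir, False),
        (3, "16-bit system directory", system16_dir, False),
        (4, "Windows directory", windows_dir, False),
        (5, "current directory", cwd, True),
    ]
    order += [(6, "PATH entry", d, True) for d in path_dirs]
    return order


def resolve(dll_name, order):
    """Return (step, label, flagged) for the first directory holding dll_name."""
    for step, label, directory, flagged in order:
        if os.path.isfile(os.path.join(directory, dll_name)):
            return step, label, flagged
    return None


def demo():
    """Constructed layout: known.dll ships with the app, helper.dll does not."""
    with tempfile.TemporaryDirectory() as root:
        names = ("app", "system32", "system", "windows", "cwd", "pathdir")
        dirs = {n: os.path.join(root, n) for n in names}
        for d in dirs.values():
            os.mkdir(d)
        files = (("app", "known.dll"), ("cwd", "known.dll"),
                 ("cwd", "helper.dll"), ("pathdir", "helper.dll"),
                 ("pathdir", "codec.dll"))
        for d, name in files:
            open(os.path.join(dirs[d], name), "wb").close()
        order = search_order(dirs["app"], dirs["system32"], dirs["system"],
                             dirs["windows"], dirs["cwd"], [dirs["pathdir"]])
        wanted = ("known.dll", "helper.dll", "codec.dll", "missing.dll")
        return {n: resolve(n, order) for n in wanted}


if __name__ == "__main__":
    for name, hit in demo().items():
        print(name, "->", hit)
```

A name that resolves at step 5 or 6 is one the application did not find in its own or the OS directories, which is the case where loading by full path instead of by search matters.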