Researcher: Code-execution bug affects 200 Windows apps

Researcher: Code-execution bug affects 200 Windows apps
Researcher: Code-execution bug affects 200 Windows apps

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Dan Goodin in San Francisco
The Register
20th August 2010

About 200 Windows applications are vulnerable to remote code-execution 
attacks that exploit a bug in the way the programs load binary files for 
the Microsoft operating system, a security researcher said Thursday.

The critical vulnerability, which has already been patched in Apple's 
iTunes media player for Windows and VMware Tools, will be especially 
challenging to fix, because each application will ultimately need to 
receive its own patch, Mitja Kolsek, CEO of application security 
consultancy Acros Security, told The Register. He agreed with fellow 
researcher H D Moore, who on Wednesday said the critical vulnerability 
is trivial to exploit.

At the time, Moore estimated 40 programs were vulnerable, but security 
experts from Slovenia-based Acros have found that about 200 of the 220 
applications they've tested so far suffer from what they're calling the 
binary-planting bug. They have yet to complete their inquiry.

=E2=80=9CWe are expecting that there should be many more,=E2=80=9D Kolsek said. =E2=80=9CWe were 
just looking for those vulnerabilities that were exploitable in terms of 
the user double-clicking a document or doing a couple of things with the 


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Subscribe to InfoSec News - 


Site design & layout copyright © 1986-2014 CodeGods