Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
BID:51910
Info
Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 51910 |
| Class: | Design Error |
| CVE: |
CVE-2012-4755 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2012 12:00AM |
| Updated: | Sep 06 2012 09:09PM |
| Credit: | Gjoko Krstic |
| Vulnerable: |
Scientific Toolworks Understand 2.6 Build 598 |
| Not Vulnerable: |
Scientific Toolworks Understand 2.6.600 Build 600 |
Discussion
Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Understand is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Understand 2.6 Build 598 is vulnerable; other versions may also be affected.
Understand is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Understand 2.6 Build 598 is vulnerable; other versions may also be affected.
Exploit / POC
Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Solution / Fix
Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
Scientific Toolworks Understand 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
References:
References:
- More information about the DLL Preloading remote attack vector (Microsoft)
- Understand Homepage (Scientific Toolworks)
- Build Change Log (Scientific Toolworks)
- Microsoft Security Advisory (2269637) (Microsoft)
- Microsoft Security Advisory 2269637 Released (Microsoft)
- SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution (Gjoko Krstic)