WellinTech KingView DLL Loading Arbitrary Code Execution Vulnerability
BID:53316
Info
WellinTech KingView DLL Loading Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 53316 |
| Class: | Design Error |
| CVE: |
CVE-2012-1819 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2012 12:00AM |
| Updated: | May 01 2012 12:00AM |
| Credit: | Carlos Mario Penagos Hollmann |
| Vulnerable: |
Wellintech KingView 6.53 |
| Not Vulnerable: | |
Discussion
WellinTech KingView DLL Loading Arbitrary Code Execution Vulnerability
WellinTech KingView is prone to a vulnerability which allows attackers to execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
KingView 6.53 is vulnerable; other versions may also be affected.
WellinTech KingView is prone to a vulnerability which allows attackers to execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
KingView 6.53 is vulnerable; other versions may also be affected.
Solution / Fix
WellinTech KingView DLL Loading Arbitrary Code Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
WellinTech KingView DLL Loading Arbitrary Code Execution Vulnerability
References:
References:
- Application DLL Load Hijacking (HD Moore)
- Exploiting DLL Hijacking Flaws (hdm)
- Kingview 6.53 Homepage (WellinTech)
- More information about the DLL Preloading remote attack vector (Microsoft)
- ICSA-12-122-01�??WELLINTECH KINGVIEW DLL HIJACK VULNERABILITY (US-CERT)