Warnings have been made about active exploits for the Dynamic-Link Library (DLL) vulnerability.
The Internet Storm Centre claimed that it received contact about active exploitation in the wild of the Dynamic-Link Library (DLL) vulnerability. It said in an update that while there are potentially hundreds, if not thousands of applications that are vulnerable, it appears that the attackers so far are exploiting uTorrent, Microsoft Office and Windows Mail.
It said: “These are, coincidentally or not, applications for which proof of concept exploits have been published. Remember, it is extremely easy to exploit this and it doesn't require any advanced knowledge so be sure to check Microsoft's recommendation above or be very careful about files you open from network shares.”
The vulnerability was detailed on Monday with a workaround launched by Microsoft yesterday. According to the Exploit Database website, 19 of the listed exploits are on DLL hijacking. Wolfgang Kandek, CTO at Qualys, said that this ‘gives an idea on the breadth of apps' that are affected by this flaw.
Writing on the attackvector.org website, ‘Matt' claimed that there is a ‘deluge of DLL hijacking exploits being released'. He said: “Essentially, the people releasing these are simply using the scripts HD Moore provided to detect the new vulnerabilities and then releasing the details. But, with the sheer amount of exploits being released, it should give you some idea as to the seriousness of this issue and the impact that it has.”
HD Moore is CSO and chief architect of the Metasploit project, and found the vulnerability while researching the Windows shortcut vulnerability that was patched earlier this month.
Geok Meng Ong, manager of anti-malware research of Asia Pacific and Japan at McAfee Avert Labs, said: “McAfee Labs is closely monitoring the exploitation of this technique in the wild and will provide more information as we research them.”