Lucene search

CERTVU:707943

HistoryAug 25, 2010 - 12:00 a.m.

Microsoft Windows based applications may insecurely load dynamic libraries

2010-08-2500:00:00

www.kb.cert.org

0.082 Low

EPSS

Percentile

94.3%

JSON

Overview

Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location.

Description

Dynamically Linked Libraries (DLLs) are executable software components that are incorporated into a program at run-time rather than when the program is compiled and linked. Functions included in these libraries can be loaded in different ways by an application. In the case of run-time dynamic linking, a module uses the LoadLibrary() or LoadLibraryEx() functions to load the DLL at run time. If the location of the DLL to be loaded is not specified (such as specifying a fully qualified path name) by the application, Microsoft Windows defines an order in which directories are searched for the named DLL. By default, this search order contains the current directory of the process.

If an attacker can cause an affected application to call LoadLibrary() while the application’s current directory is set to one controlled by the attacker, that application may run the attacker’s code from a specially named DLL also supplied in that directory. This can occur when the affected application opens a normal file typically associated with it from the attacker-controlled directory. The specific name of the DLL that an attacker would need to choose varies depending on the affected application.

Impact

A remote, unauthenticated attacker with the ability to supply a malicious DLL may be able to execute arbitrary code on a vulnerable system. In the most likely exploit scenario, an attacker could host this malicious DLL on a USB drive or network share. The attacker-supplied code would be run with the privileges of the user of the affected application.

In some cases of affected applications, an attacker who already has access to a local folder on the system could use this vulnerability in a local application running with elevated privileges to escalate their own privileges on the system.

Solution

Apply a patch from the vendor
The vulnerability described generically above can be manifest in a variety of software products. Please see the Vendor Information section of this document for information about specific applications that may be affected by this issue.

For Developers:

Ensure that applications do not load libraries from insecure locations

Developers of applications for the Windows platform should ensure that their applications call SetDllDirectory() with a blank path before calling LoadLibrary() to ensure that the DLL is not loaded from the current directory. More information about how to load libraries securely can be found in the following Microsoft articles: Dynamic-Link Library Security and Another technique for Fixing DLL Preloading attacks.

For Administrators:

Disable loading of libraries from the current working directory

According to Microsoft Security Advisory 2269637:

Note_ This workaround requires installation of the tool described in Microsoft Knowledge Base Article 2264107._

Microsoft has released a tool which allows customers to disable the loading of libraries from remote network or WebDAV shares. This tool can be configured to disallow insecure loading on a per-application or a global system basis.

Customers who are informed by their vendor of an application being vulnerable can use this tool to help protect against attempts to exploit this issue.

After the update listed in KB article 2264107 has been installed, the following registry value can be used to remove the current working directory from the default DLL search order:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"CWDIllegalInDllSearch"=dword:ffffffff
Note that making this change may cause some applications to not behave properly.

Disable the WebClient service

According to Microsoft Security Advisory 2269637:

Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround, it will still be possible for remote attackers who successfully exploited this vulnerability to cause Microsoft Office Outlook to run programs located on the targeted user’s computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.

To disable the WebClient Service, follow these steps:

Click Start, click Run, type Services.msc and then click OK.
Right-click WebClient service and select Properties.
Change the Startup type to Disabled. If the service is running, click Stop.
Click OK and exit the management application.

While this workaround does not remove the vulnerability, it does block an attack vector for this vulnerability.

Block outgoing SMB traffic

Block outgoing connections on ports 139/tcp, 139/udp, 445/tcp, and 445/udp at your network perimeter. Doing so will help prevent machines on the local network from connecting to SMB servers on the internet. While this does not remove the vulnerability, it does block an attack vector for this vulnerability.

Vendor Information

This list is known to be incomplete.

707943

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Abvent __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

http://secunia.com/advisories/41198/

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Adobe __ Affected

Updated: October 13, 2016

Statement Date: October 13, 2016

Status

Affected

Vendor Statement

A DLL pre-loading issue existed in the Adobe Flash Player and Acrobat Reader DC installers for Windows. The problem has been fixed in the following versions:

- Installers for Adobe Flash Player

Adobe Flash Player installer/uninstaller version 22.0.r0
Adobe Download Manager version 2.0.0.120s
- Installer for Adobe Acrobat Reader DC
Adobe Download Manager version 2.0.0.120s

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41126/>
<http://secunia.com/advisories/41134/>
<http://secunia.com/advisories/41110/>
<http://secunia.com/advisories/41060/>
<http://secunia.com/advisories/41233/>
<http://secunia.com/advisories/41232/>
<http://secunia.com/advisories/41130/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Apple Inc. __ Affected

Updated: August 30, 2010

Statement Date: August 10, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

<http://support.apple.com/kb/HT4105>

Addendum

<http://secunia.com/advisories/41123/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Atomix Productions __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41115/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Autodesk, Inc __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41013/>

<http://secunia.com/advisories/41156/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Avast! Antivirus Software __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41109/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Bentley Systems __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41106/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

BitTorrent __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41051/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Bitmanagement Software __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41230/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Cisco Systems, Inc. __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41125/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Conceiva __ Affected

Updated: November 09, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

It has been reported that Mezzmo version 2.4.5.0 on Windows XP SP3 is vulnerable.

Vendor References

<http://www.conceiva.com/products/mezzmo/default.asp>

Corel Corporation __ Affected

Updated: August 30, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41148/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

CyberLink Corporation __ Affected

Notified: August 30, 2010 Updated: August 30, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41142/>

<http://secunia.com/advisories/41174/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

DAEMON Tools __ Affected

Updated: August 30, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41146/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Dassault Systemes __ Affected

Updated: September 27, 2010

Status

Affected

Vendor Statement

Final Solution addressed by Bug Report BR10000097255. More technical information about the corresponding CATIA Bug Report are available for CATIA V5 customers on the DS Support site <http://www.3ds.com/support>.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DivX, Inc. __ Affected

Updated: August 30, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41108/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

EZB Systems __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41227/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Ecava Affected

Updated: January 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-362-01.pdf>

Fengtao Software __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41228/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

GFI Software, Inc. __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41226/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

GRAPHISOFT __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41231/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Gilles Vollant Software __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41225/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Guidance Software, Inc. __ Affected

Notified: January 04, 2011 Updated: February 29, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

EnCase Law Enforcement/Government Edition version 7.03 is affected. Additional versions may also be affected.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

HTTrack __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41224/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

IBM Corporation __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41223/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

IZArc __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41131/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Inkscape __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41222/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Maxthon __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41200/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Microchip Technology __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41219/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Microsoft Corporation __ Affected

Updated: September 02, 2010

Statement Date: August 23, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Addendum

<http://secunia.com/advisories/41136/>

<http://secunia.com/advisories/41114/>
<http://secunia.com/advisories/41104/>
<http://secunia.com/advisories/41098/>
<http://secunia.com/advisories/41050/>
<http://secunia.com/advisories/41063/>
<http://secunia.com/advisories/41212/>
<http://secunia.com/advisories/41211/>
<http://secunia.com/advisories/41202/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Mozilla __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

<http://hg.mozilla.org/mozilla-central/rev/df37bb06494a>

Addendum

<http://secunia.com/advisories/41168/>

<http://secunia.com/advisories/41151/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

NetStumbler __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41188/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Nokia __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41184/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Norman Affected

Updated: April 13, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nullsoft __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41093/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Opera __ Affected

Updated: July 13, 2016

Status

Affected

Vendor Statement

“A DLL pre-loading issue existed in the Opera installer. This problem was addressed in Opera 37. Note that this was treated as an enhancement, not a security issue.”

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41083/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

PGP Corporation __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41135/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

PKWARE __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41103/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Pixia __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41176/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

RealNetworks, Inc. __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41092/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

SiSoftware __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41178/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Smart Projects __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/product/14343/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Sonic Solutions __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41137/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Sony Corporation __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41164/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

SweetScape Software __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41094/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

TeamViewer __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41112/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

TechSmith Corporation __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41119/>

<http://secunia.com/advisories/41124/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

TortoiseSVN __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41259/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Tracker Software __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41197/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

VMware Affected

Updated: August 24, 2010

Statement Date: April 08, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

<http://www.vmware.com/security/advisories/VMSA-2010-0007.html>

VideoLAN __ Affected

Updated: August 26, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41107>

CVE-2010-3124

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

WinMerge __ Affected

Updated: September 01, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41143/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Wireshark __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41064/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

Wolters Kluwer __ Affected

Updated: September 02, 2010

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

<http://secunia.com/advisories/41097/>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23707943 Feedback>).

View all 54 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base	0	AV:–/AC:–/Au:–/C:–/I:–/A:–
Temporal	0	E:F/RL:TF/RC:ND
Environmental	0	CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Instances and variations of this vulnerability were independently discovered by a number of researchers, including Georgi Guninski; Simon Raner, Jure Skofic and Mitja Kolsek of ACROS Security; Taeho Kwon and Zhendong Su; H.D. Moore. Some vendor information comes from Secunia.

This document was written by Chad R Dougherty.