Ravens PHP Scripts

Google Earth Insecure Library Loading Vulnerability
Date: Monday, December 06, 2010 @ 15:46:39 PST
Topic: Security


SECUNIA ADVISORY ID: SA42524

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42524/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-06

DESCRIPTION: A vulnerability has been discovered in Google Earth, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll and quserex.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a KMZ file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.1.3533.1731. Other versions may also be affected.

SOLUTION: Upgrade to version 6.0.

PROVIDED AND/OR DISCOVERED BY: Taeho Kwon and Zhendong Su








This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3863