Google Earth Insecure Library Loading Vulnerability

Posted on Monday, December 06, 2010 @ 16:46:39 PST in Security
by Raven

SECUNIA ADVISORY ID: SA42524

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42524/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-06

DESCRIPTION: A vulnerability has been discovered in Google Earth, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll and quserex.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a KMZ file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.1.3533.1731. Other versions may also be affected.

SOLUTION: Upgrade to version 6.0.

PROVIDED AND/OR DISCOVERED BY: Taeho Kwon and Zhendong Su
 
 
click Related        click Share
 
 
Associated Topics

Internet
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 343,959,738
  • Today: 17,243
Server InfoServer Info
  • Dec 13, 2017
  • 07:07 am PST
 
 

Daily Inspiration