The installation software of several popular programs, such as Google Chrome, TrueCrypt, WinRAR, 7-Zip, VLC Media Player and various anti-virus programs, is vulnerable to a .dll attack, allowing an attacker in the worst case, the computer can fully take over.
the problem was discovered by security researcher Stefan Kanthak and published in recent weeks. The installation software shows several .dll files from the “application directory to load. For software that is downloaded from the Internet, this is often the “download directory. An attacker who successfully get malicious DLL files in the download directory, for example through social engineering or a drive-by download can then execute arbitrary code on the computer as the user that setup program starts from the download directory. The installer will even in this case, load the malicious DLL files. Several parties have already released updates, including Oracle, which last week came out with an emergency patch.
No comments:
Post a Comment