Security News > 2011 > May > Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher

http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher By Gregg Keizer Computerworld May 6, 2011 Although Microsoft has patched multiple DLL load hijacking vulnerabilities since last summer, Windows and Internet Explorer 9 (IE9) can still be exploited, a security company warned today. Microsoft confirmed that it's investigating the claims by Slovenia-based Acros Security. Researchers from Acros will demonstrate the new attacks at the Hack in the Box security conference in Amsterdam later this month. "We'll reveal how IE8 and IE9 can be used on Windows 7, Vista and XP for attacking users without any security warnings, even in 'Protected mode,' and how to remotely make many seemingly-safe applications, for example, Word 2010 and PowerPoint 2010, vulnerable," said Acros CEO Mitja Kolsek in a Friday email. The attack class called "DLL load hijacking" by some, but dubbed "binary planting" by Acros, jumped into public view last August when HD Moore, the creator of the Metasploit penetration hacking toolkit and chief security officer at Rapid7, found dozens of vulnerable Windows applications. Moore's report was followed by others, including several from Kolsek and Acros. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/
News URL
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)