Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location.
If you are worried about it and want it now, rather than waiting for the official release, choose your flavor from the links at the start of this thread: http://forum.avast.com/index.php?topic=63151.0
By all accounts it is already fixed in the current pre-release build 5.0.661; check out this topic, I believe there is some reference there: http://forum.avast.com/index.php?topic=63151.0.
Whilst there are lots of pages in the topic, I think it is towards the last few where it is mentioned.
I guess I should have investigated a little further. I noticed that there was a security fix in the latest pre-release that was related to license files which I now know is the DLL vulnerability.
Just to add, you don’t have to be concerned about this issue too much…
For a potential attacker, it would be a very impractical way to exploit the system.
And I have to add that the bug is actually in the Microsoft runtime libraries (that avast, as well as any other application compiled in Visual C++ using MFC, uses).
Vlk,
Could you please clarify: “For a potential attacker, it would be a very impractical way to exploit the system.”
Does this refer specifically to the license vulnerability in avast?
Or to the library vulnerability in general?
I suspect to make use of this exploit the bad guy would have to craft a phishing email saying for instance ‘Your antivirus has expired, please click this link to renew’. The link to the .avastlic file would have to be in a form that would be opened by SMB - normal web links won’t work - and in that remote folder would be the bogus .dll.
Since the patched version is about to be released, and in any case the rogue .dll would certainly be added to the Avast definitions pretty quickly, I don’t think many bad guys are going to go to the trouble.
Personally I think some parts of the security industry have gone way over the top with this one.
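To make the search-order point in this thread concrete, below is an added Python model of the Windows DLL search order; it is illustrative code written for this page, not code from avast, Microsoft or the forum posters. It shows why a library the application cannot find in its own folder or in System32 falls through to the current directory (the folder of a document just opened, as in the SMB scenario above), and how SafeDllSearchMode and the two documented ways of dropping the current directory from the search (SetDllDirectory("") in the application, or the CWDIllegalInDllSearch registry hardening) change the outcome. All paths, share names and the file name helper.dll are constructed.

```python
"""Simulation of the Windows DLL search order (added illustration; not code from
avast, Microsoft, or the forum thread).  All paths and DLL names are constructed."""
from dataclasses import dataclass, field


def join(directory, name):
    """Lower-case backslash join; sufficient for a path-set lookup."""
    return (directory.rstrip("\\") + "\\" + name).lower()


@dataclass
class SearchContext:
    app_dir: str
    system_dir: str
    windows_dir: str
    cwd: str
    path_dirs: list = field(default_factory=list)
    # SafeDllSearchMode: on by default since Windows XP SP2.  When on, the
    # system directories are searched before the current directory.
    safe_search: bool = True
    # False models SetDllDirectory("") in the application, or the
    # CWDIllegalInDllSearch registry hardening; both remove the current
    # directory from the search entirely.
    cwd_in_search: bool = True


def search_order(ctx):
    """Directories LoadLibrary("name.dll") consults, in order (16-bit system dir omitted)."""
    system_dirs = [ctx.system_dir, ctx.windows_dir]
    cwd = [ctx.cwd] if ctx.cwd_in_search else []
    if ctx.safe_search:
        return [ctx.app_dir] + system_dirs + cwd + list(ctx.path_dirs)
    return [ctx.app_dir] + cwd + system_dirs + list(ctx.path_dirs)


def resolve(ctx, dll_name, filesystem):
    """Return the first existing path in search order, or None if the load fails."""
    for directory in search_order(ctx):
        candidate = join(directory, dll_name)
        if candidate in filesystem:
            return candidate
    return None


def loaded_from_trusted_dir(ctx, dll_name, filesystem):
    """Triage helper: True when the resolved DLL sits in the application or a
    system directory, False when it came from anywhere else, None when not found."""
    hit = resolve(ctx, dll_name, filesystem)
    if hit is None:
        return None
    trusted = {d.rstrip("\\").lower() for d in (ctx.app_dir, ctx.system_dir, ctx.windows_dir)}
    return hit.rsplit("\\", 1)[0] in trusted


# Constructed scenario: a document is opened from a remote share, so the current
# directory becomes the share folder, which also holds a DLL named like a library
# the application asks for but that is not present in System32.
SHARE = r"\\fileserver\docs"
APP = r"C:\Program Files\ExampleApp"
SYS32 = r"C:\Windows\System32"
WINDIR = r"C:\Windows"

FS_MISSING_DEP = {join(APP, "app.exe"), join(SHARE, "report.doc"), join(SHARE, "helper.dll")}
FS_SYSTEM_COPY = FS_MISSING_DEP | {join(SYS32, "helper.dll")}

DEFAULT = SearchContext(APP, SYS32, WINDIR, cwd=SHARE)
HARDENED = SearchContext(APP, SYS32, WINDIR, cwd=SHARE, cwd_in_search=False)
LEGACY = SearchContext(APP, SYS32, WINDIR, cwd=SHARE, safe_search=False)

if __name__ == "__main__":
    cases = [("default, dependency missing", DEFAULT, FS_MISSING_DEP),
             ("hardened, dependency missing", HARDENED, FS_MISSING_DEP),
             ("default, System32 copy present", DEFAULT, FS_SYSTEM_COPY),
             ("SafeDllSearchMode off, System32 copy present", LEGACY, FS_SYSTEM_COPY)]
    for label, ctx, fs in cases:
        print(f"{label}: {resolve(ctx, 'helper.dll', fs)}")
```

The model makes the two practical points visible: a dependency that is present in System32 is safe under the default search mode no matter what the current directory holds, while a dependency that is genuinely missing (the runtime-library case described earlier in the thread) is only protected once the current directory is taken out of the search, which is what the hardened context does.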
Indeed. If I understand that vulnerability correctly, it requires opening a file from an untrusted source, and having enough privileges for the exploit to run.
People doing that would have done the same thing with any other phishing things (e.g. “Please change your Facebook password” with an exe requiring admin privileges attached) anyway.