Vigil@nce - Windows Backup Manager: code execution via DLL Preload
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use a malicious DLL in order to execute code in
Windows Backup Manager.
Severity: 2/4
Creation date: 11/01/2011
IMPACTED PRODUCTS
– Microsoft Windows Vista
DESCRIPTION OF THE VULNERABILITY
The Windows Backup Manager application manages backups, which are
stored in files with the ".WBCAT" extension. When it starts, it
loads the fveapi.dll library.
However, the library is loaded insecurely. An attacker can thus
use the VIGILANCE-VUL-9879 (https://vigilance.fr/tree/1/9879)
vulnerability to execute code.
An attacker can therefore invite the victim to open a WBCAT file
from a network share containing a malicious DLL, in order to
execute code in the context of Windows Backup Manager.
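On the defensive side, the insecure load described above is visible as fveapi.dll being mapped from somewhere other than the system directory. The Python example below is added here and is not part of the Vigil@nce bulletin: it scans image-load records and flags such loads. The record layout, the process name backup-manager.exe, the trusted directory and the sample lines are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the legitimate copy of the library lives in the system directory.
TRUSTED_DIRS = (r"c:\windows\system32",)
WATCHED_DLLS = {"fveapi.dll"}  # library named in the bulletin

# Constructed sample of image-load records: "process|loaded module path".
# The layout and the process name are placeholders, not a real tool's output.
SAMPLE_EVENTS = """\
backup-manager.exe|C:\\Windows\\System32\\fveapi.dll
backup-manager.exe|\\\\fileserver\\share\\backups\\fveapi.dll
backup-manager.exe|C:\\Users\\alice\\Downloads\\FVEAPI.DLL
backup-manager.exe|C:\\Windows\\System32\\kernel32.dll
"""

def classify(module_path):
    """Return None if the load is expected, else a short reason string."""
    # normpath collapses ".." segments so a disguised path cannot look trusted;
    # Windows paths are case-insensitive, so compare in lower case.
    path = ntpath.normpath(module_path).lower()
    directory, name = ntpath.split(path)
    if name not in WATCHED_DLLS:
        return None
    if directory in TRUSTED_DIRS:
        return None
    if path.startswith("\\\\"):
        return "loaded from network share"
    return "loaded from untrusted directory"

def find_suspicious_loads(log_text):
    """Return (process, module path, reason) for every flagged record."""
    findings = []
    for line in log_text.splitlines():
        if "|" not in line:
            continue  # skip blank or malformed records
        process, module_path = line.split("|", 1)
        reason = classify(module_path.strip())
        if reason:
            findings.append((process.strip(), module_path.strip(), reason))
    return findings

if __name__ == "__main__":
    for process, path, reason in find_suspicious_loads(SAMPLE_EVENTS):
        print(f"{process}: {path} ({reason})")
```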
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-Backup-Manager-code-execution-via-DLL-Preload-10261