Vigil@nce: Roxio MyDVD, code execution via DLL preload
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can therefore use a malicious HomeUtils9.dll DLL in
order to execute code in Roxio MyDVD.
Severity: 2/4
Creation date: 07/09/2010
DESCRIPTION OF THE VULNERABILITY
The Roxio MyDVD program uses the HomeUtils9.dll library.
However, the library is loaded insecurely (see VIGILANCE-VUL-9879
(https://vigilance.fr/tree/1/9879)).
An attacker can therefore use a malicious HomeUtils9.dll DLL in
order to execute code in the context of Roxio MyDVD.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Roxio-MyDVD-code-execution-via-DLL-preload-9903