[Full-disclosure] Microsoft Patches Binary Planting Issues In Various Vendors' Products




The latest security updates from Microsoft fix binary planting issues (loading of
dwmapi.dll) in the following applications (and probably many more):

1. Autodesk 3ds Max 2010 Release 12.0
2. Autodesk 3ds Max 2011 Release 13.0
3. Avast! Free Antivirus 5.0.545
4. Avira Premium Security Suite 10.0.0.542
5. BitDefender Total Security 2010 - Build 13.0.17.343
6. CorelDraw X5 15.1.0.588
7. Corel Paint Shop Pro Photo X3 13.2.0.41
8. CyberLink PowerDirector 8.00.2220
9. EMC QuickScan Pro Demo 4.7.0 (build 8554)
10. EMC ApplicationXtender Document Manager v6.50.124.0
11. Microsoft Office Professional 2010 14.0.4760.1000 (32-bit)
12. Nuance PDF Converter Professional 6.0
13. PC Security Shield Security Shield 2010 13.0.16.313

More information and recommendations for developers on our blog:
http://blog.acrossecurity.com/2011/04/microsoft-patches-binary-planting_13.html


Best regards,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • [NEWS] Advanced Application-Level OS Fingerprinting: Practical Approaches and Examples
    ... Get your security news from a reliable source. ... Dan presents an alternate approach to application-level OS fingerprinting. ... cross-platform applications which result in OS-dependant responses. ... As a part of a default Apache ...
    (Securiteam)
  • Re: Active Directory/HIPPA Question
    ... The client ... > roll out AD when their top priority this year is securing the applications ... Security is one of the biggest reasons. ... ESPECIALLY if you have 800 remote offices. ...
    (microsoft.public.win2000.general)
  • RE: New Whitepaper - "Second-order Code Injection Attacks"
    ... I make no claims that this a previously "undiscovered" security flaw. ... code injection into web applications. ... differentiate between the code injection attacks - and to explain their ...
    (Bugtraq)
  • Re: Testing MS Security Patches?
    ... >implementing MS security updates on production systems. ... be to test those applications on which your business depends. ... Download the patch. ...
    (microsoft.public.security)
  • Re: Active Directory/HIPPA Question
    ... roll out AD when their top priority this year is securing the applications ... Security is one of the biggest reasons. ... ESPECIALLY if you have 800 remote offices. ... >> I have a potential client who is mulling whether or not to invest a ton ...
    (microsoft.public.win2000.general)