BeyondTrust

Security in Context: The BeyondTrust Blog


Ophcrack Insecure Library Loading Vulnerability

Disclosed: January 1, 2014

Zeroday: 260 days

Vulnerability Description:

Ophcrack 3.6 is vulnerable to DLL hijacking via the quserex.dll library. Attackers can place a malicious version of this library in the same folder as Ophcrack. However, because Ophcrack does not have any file type associations, exploitation of this vulnerability requires additional user interaction.

Vendors:

Ophcrack

Vulnerable Software/Devices:

Ophcrack 3.6

Vulnerability Severity:

Medium

Exploit Availability:

No Exploit Available

Exploit Impact:

Insecure Library Loading
Exploitation of this vulnerability is possible through methods such as WebDAV-based attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 32329 - Ophcrack Insecure Library Loading Vulnerability (20140108) (Zero-Day) - Windows
  • 32330 - Ophcrack Insecure Library Loading Vulnerability (20140108) (Zero-Day) - UNIX

Mitigation:

Block ports 139 and 445 at the perimeter firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.
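
The host-side mitigations above can be audited, and optionally applied, with a short PowerShell script. This is an added example, not BeyondTrust or Ophcrack code. It assumes the restriction on loading DLLs from WebDAV and remote shares is done with the CWDIllegalInDllSearch registry value from Microsoft KB2264107, which the advisory does not name; the -Apply switch is this example's own parameter.

```powershell
# Added example: host-side audit of the mitigations above (run elevated to use -Apply).
# Assumption: DLL loading from WebDAV/remote shares is restricted with the
# CWDIllegalInDllSearch value described in Microsoft KB2264107.
param([switch]$Apply)

$smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$results = @()

# WebClient is the WebDAV redirector. It is trigger-started, so "Stopped" alone
# is not enough: the start mode has to be Disabled.
$svc = Get-CimInstance Win32_Service -Filter "Name='WebClient'"
if ($svc -and $Apply) {
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled
    $svc = Get-CimInstance Win32_Service -Filter "Name='WebClient'"
}
$results += [pscustomobject]@{
    Check = 'WebClient service disabled'
    Found = if ($svc) { "$($svc.State), $($svc.StartMode)" } else { 'not installed' }
    Pass  = (-not $svc) -or ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
}

# CWDIllegalInDllSearch (system-wide DWORD):
#   1          = no DLL load from the current directory when it is a WebDAV folder
#   2          = same, for any remote folder (WebDAV or UNC)
#   0xFFFFFFFF = current directory removed from the DLL search order
# It governs the current-working-directory step of the search order only.
if ($Apply) {
    Set-ItemProperty -Path $smKey -Name CWDIllegalInDllSearch -Value 2 -Type DWord
}
$cwd = (Get-ItemProperty -Path $smKey -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
$results += [pscustomobject]@{
    Check = 'Remote/WebDAV DLL loading blocked'
    Found = if ($null -eq $cwd) { 'not set' } else { '0x{0:X}' -f $cwd }
    # 0xFFFFFFFF may be returned as -1 or 4294967295 depending on the host
    Pass  = $cwd -in 2, -1, 4294967295
}

# Ports 139 and 445 are filtered at the perimeter firewall, which a host-side
# script cannot verify; check that rule on the firewall itself.
$results | Format-Table -AutoSize
```

A value of 1 fails the second check because it covers WebDAV folders only, while the mitigation also calls for remote shares.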

Links:

CVE(s):

None