JVNTR-2010-23
Microsoft Windows �ɂ����� DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (TA10-238A)
Microsoft Windows ������ DLL �����p�X�A���S���Y���̎����ɋN�����A�N�����ɁA�{���ǂݍ��ނׂ��łȂ��H���ꂽ DLL ��ǂݍ��މ\���̂���v���O���������݂��܂��B
�e������V�X�e��
�@Windows �v���b�g�t�H�[����� DLL ���g�p���ē��삷��v���O�������e������\��������܂��B
�@�Ȃ��A�v���O�����ɐƎ㐫�����݂��邩�ۂ��́A�v���O�������ǂ̂悤�� DLL ��ǂݍ��ނ��ɂ��܂��B
| ���� (JST) | ���e |
| 2011-03-09 07:39 |
�}�C�N���\�t�g ms11-mar: �}�C�N���\�t�g �Z�L�����e�B��� 2011 �N 3 ���̃Z�L�����e�B��� DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS11-015, CVE-2011-0032) ���Ń����[�X�FDirectShow DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS11-016, CVE-2010-3146) ���Ń����[�X�FGroove DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS11-017, CVE-2011-0029) ���Ń����[�X�F�����[�g�f�X�N�g�b�v |
| 2011-02-09 07:45 |
�}�C�N���\�t�g ms11-feb: �}�C�N���\�t�g �Z�L�����e�B��� 2011 �N 2 ���̃Z�L�����e�B��� DLL Preloading ��� (MS11-003, CVE-2011-0038) ���Ń����[�X�FInternet Explorer |
| 2011-01-12 07:44 |
�}�C�N���\�t�g ms11-jan: �}�C�N���\�t�g �Z�L�����e�B��� 2011 �N 1 ���̃Z�L�����e�B��� DLL Preloading ��� (MS11-001, CVE-2010-3145) ���Ń����[�X�FBackup Manager |
| 2010-12-15 07:51 |
�}�C�N���\�t�g ms10-dec: �}�C�N���\�t�g �Z�L�����e�B��� 2010 �N 12 ���̃Z�L�����e�B��� DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS10-093, CVE-2010-3967) ���Ń����[�X�F���[�r�[ ���[�J�[ DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS10-094, CVE-2010-3965) ���Ń����[�X�FMedia �G���R�[�_�[ DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS10-095, CVE-2010-3966) ���Ń����[�X�FBranchCache DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS10-096, CVE-2010-3147) ���Ń����[�X�F�A�h���X�� DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (MS10-097, CVE-2010-3144) ���Ń����[�X�F�C���^�[�l�b�g�ڑ��̃T�C���A�b�v �E�B�U�[�h |
| 2010-11-04 |
�A�h�r APSB10-26: Adobe Flash Player�p�Z�L�����e�B�A�b�v�f�[�g���J �Z�L�����e�B�X�V�v���O���� (CVE-2010-3976) �̃����[�X: Flash Player 10.1.102.64/9.0.289.0 |
| 2010-10-20 |
Mozilla Japan MFSA 2010-71: ���S�łȂ����C�u�����̓ǂݍ��݂Ɋւ����� �Z�L�����e�B�X�V�v���O���� (CVE-2010-3181,CVE-2010-3182) �̃����[�X: Firefox 3.6.11/3.5.14, Thunderbird 3.1.5/3.0.9 Windows �ɂ����� DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (CVE-2010-3181)�ALinux �ɂ����郉�C�u�����ǂݍ��ݖ�� (CVE-2010-3182) |
| 2010-10-18 |
�A�h�r APSB10-24: InDesign�̃Z�L�����e�B�A�b�v�f�[�g���J �Z�L�����e�B�X�V�v���O���� (CVE-2010-3153) �̃����[�X: InDesign CS5 7.0.3/CS4 6.0.6, InDesign Server CS5 7.0.3, InCopy CS5 7.0.3/CS4 6.0.6 |
| 2010-10-14 |
Lhaplus �����p�X�̖��ɋN������Ǝ㐫 ���s�t�@�C���ǂݍ��݂Ɋւ���Ǝ㐫 (CVE-2010-3158) ���Ń����[�X�FLhaplus 1.59 |
| 2010-10-11 |
Lhaplus �����p�X�̖��ɋN������Ǝ㐫 DLL �ǂݍ��݂Ɋւ���Ǝ㐫 (CVE-2010-2368) ���Ń����[�X�FLhaplus 1.58 |
| 2010-09-15 |
�A�b�v�� HT4339: QuickTime 7.6.8 �̃Z�L�����e�B�R���e���c�ɂ��� �Z�L�����e�B�X�V�v���O���� (CVE-2010-1819) �̃����[�X: QuickTime 7.6.8 |
| 2010-09-07 |
Mozilla Japan MFSA 2010-52: Windows XP �ɂ����� DLL �ǂݍ��ݐƎ㐫 �Z�L�����e�B�X�V�v���O���� (CVE-2010-3131) �̃����[�X: Firefox 3.6.9/3.5.12, Thunderbird 3.1.3/3.0.7 |
| 2010-09-01 23:27 |
US-CERT Insecure Loading of Dynamic Link Libraries in Windows Applications US-CERT Current Activity ����� (Fix it 50522) �̃����[�X���A�i�E���X |
| 2010-09-01 13:42 |
�}�C�N���\�t�g �}�C�N���\�t�g �Z�L�����e�B �A�h�o�C�U�� (2269637): ���S�łȂ����C�u�����̃��[�h�ɂ��A�����[�g�ŃR�[�h�����s����� Fix it (WebDAV ����у����[�g�̃l�b�g���[�N���L����̃��C�u�����̃��[�h������) �̒� |
| 2010-08-27 05:40 |
US-CERT TA10-238A: Microsoft Windows Insecurely Loads Dynamic Libraries US-CERT ���[�����O���X�g�o�R�� Technical Cyber Security Alert ���M ���S�łȂ����C�u�����[�̃��[�h (DLL�̃v�����[�h) �����A�i�E���X |
| 2010-08-26 01:01 |
US-CERT Insecure Loading of Dynamic Link Libraries in Windows Applications US-CERT Current Activity �Z�L�����e�B �A�h�o�C�U�� (VU#707943) �̌��J���A�i�E���X |
| 2010-08-25 15:44 |
Metasploit Project Better, Faster, Stronger: DLLHijackAuditKit v2 DLLHijackAuditKit V2 �����[�X |
| 2010-08-25 |
Exploit-Database DLL Hijacking - Vulnerable Applications ���S�łȂ����C�u�����[�̃��[�h (DLL�̃v�����[�h) �����A�i�E���X |
| 2010-08-24 10:07 |
�}�C�N���\�t�g �}�C�N���\�t�g �Z�L�����e�B �A�h�o�C�U�� (2269637): ���S�łȂ����C�u�����̃��[�h�ɂ��A�����[�g�ŃR�[�h�����s����� �Z�L�����e�B �A�h�o�C�U�� (2269637) �̌��J |
| 2010-08-23 14:48 |
Metasploit Project Exploiting DLL Hijacking Flaws DLLHijackAuditKit �����[�X |
| 2010-08-23 |
SANS Internet Storm Center DLL hijacking vulnerabilities �Ǝ㐫���A���c�[���̗��ʂ�� |
| 2010-08-19 00:05 |
ACROS ASPR #2010-08-18-1-PUB: Remote Binary Planting in Apple iTunes for Windows �Z�L�����e�B �A�h�o�C�U�� (CVE-2010-1795) �̌��J |
| 2010-08-12 |
�A�b�v�� HT4105: iTunes 9.1 �̃Z�L�����e�B�R���e���c�ɂ��� �Z�L�����e�B�X�V�v���O���� (CVE-2010-1795) �̃����[�X: iTunes 9.1 |
| 2010-04-13 01:51 |
ACROS ASPR #2010-04-12-1-PUB: Remote Binary Planting in VMware Tools for Windows �Z�L�����e�B �A�h�o�C�U�� (CVE-2010-1141) �̌��J |
| 2010-03-30 |
VMware VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues �Z�L�����e�B�X�V�v���O���� (CVE-2010-1141) �̃����[�X |
| 2010-01-31 |
�J���t�H���j�A��w CSE-2010-2.pdf: Automatic Detection of Vulnerable Dynamic Component Loadings �Z�p���|�[�g�̌��J (Web�T�C�g�Ɍf��) |
| 2004-09-02 |
�}�C�N���\�t�g Dynamic-Link Library Search Order Windows XP SP2 SafeDllSearchMode (�f�t�H���g�L��) �̓��� |
| 2003-07-03 |
�}�C�N���\�t�g Dynamic-Link Library Search Order Windows 2000 SP4 SafeDllSearchMode (�f�t�H���g����) �̓��� |
| 2001-11-16 |
�}�C�N���\�t�g Dynamic-Link Library Search Order Windows XP SafeDllSearchMode (�f�t�H���g����) �̓��� |
| 2000-09-18 |
Georgi Guninski Georgi Guninski security advisory #21, 2000 : Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases �Ǝ㐫�ƌ��R�[�h�̌��J (Web�T�C�g�Ɍf��) |
- Technical Cyber Security Alert TA10-238A
Microsoft Windows Insecurely Loads Dynamic Libraries - Japan Vulnerability Note JVNTA10-238A
Microsoft Windows �ɂ����� DLL �ǂݍ��݂Ɋւ���Ǝ㐫 - DLL �ǂݍ��݂Ɋւ���Ǝ㐫
- CVE-2010-1141 : VMware Tools
- CVE-2010-1795 : Apple iTunes
- CVE-2010-1819 : Apple QuickTime
- CVE-2010-1911 : SdcWebSecureBase
- CVE-2010-2368 : Lhaplus
- CVE-2010-2600 : BlackBerry Desktop Software
- CVE-2010-3124 : VLC Media Player
- CVE-2010-3125 : TeamMate Audit Management Software Suite
- CVE-2010-3126 : avast!
- CVE-2010-3127 : Adobe PhotoShop
- CVE-2010-3128 : TeamViewer
- CVE-2010-3129 : uTorrent
- CVE-2010-3130 : TechSmith Snagit
- CVE-2010-3131 : Mozilla Firefox Thunderbird
- CVE-2010-3132 : Adobe Dreamweaver
- CVE-2010-3133 : Wireshark
- CVE-2010-3134 : Google Earth
- CVE-2010-3135 : Cisco Packet Tracer
- CVE-2010-3136 : Skype
- CVE-2010-3137 : Nullsoft Winamp
- CVE-2010-3138 : Microsoft Indeo filter
- CVE-2010-3139 : Microsoft Windows Progman Group Converter
- CVE-2010-3140 : Microsoft Windows Internet Communication Settings
- CVE-2010-3141 : Microsoft PowerPoint
- CVE-2010-3142 : Microsoft Office PowerPoint
- CVE-2010-3143 : Microsoft Windows Contacts
- CVE-2010-3144 : Microsoft Internet Connection Signup Wizard
- CVE-2010-3145 : Microsoft Vista BitLocker Drive Encryption API
- CVE-2010-3146 : Microsoft Office Groove
- CVE-2010-3147 : Microsoft Address Book
- CVE-2010-3148 : Microsoft Visio
- CVE-2010-3149 : Adobe Device Central
- CVE-2010-3150 : Adobe Premier Pro
- CVE-2010-3151 : Adobe On Location
- CVE-2010-3152 : Adobe Illustrator
- CVE-2010-3153 : Adobe InDesign , Adobe InDesign Server, Adobe InCopy
- CVE-2010-3154 : Adobe Extension Manager
- CVE-2010-3155 : Adobe ExtendScript Toolkit
- CVE-2010-3161 : TeraPad
- CVE-2010-3163 : Fenrir Sleipnir
- CVE-2010-3181 : Mozilla Firefox, Thunderbird, SeaMonkey
- CVE-2010-3190 : ATL MFC Trace Tool
- CVE-2010-3191 : Adobe Captivate
- CVE-2010-3199 : TortoiseSVN
- CVE-2010-3337 : Microsoft Office
- CVE-2010-3397 : PGP Desktop
- CVE-2010-3402 : UltraEdit
- CVE-2010-3403 : Qualcomm eXtensible Diagnostic Monitor
- CVE-2010-3914 : GVim
- CVE-2010-3965 : Microsoft Windows Media
- CVE-2010-3966 : Microsoft BranchCache
- CVE-2010-3967 : Microsoft Windows Movie Maker
- CVE-2010-3975 : Adobe Flash Player
- CVE-2010-3976 : Adobe Flash Player
- CVE-2010-4182 : Data Access Objects
- CVE-2011-0029 : Microsoft Remote Desktop
- CVE-2011-0032 : Microsoft DirectShow
- CVE-2011-0403 : ImgBurn
- ���s�t�@�C���ǂݍ��݂Ɋւ���Ǝ㐫
- CVE-2010-2369 : Lhasa
- CVE-2010-3156 : K2Editor
- CVE-2010-3157 : XacRett
- CVE-2010-3158 : Lhaplus
- CVE-2010-3159 : Explzh
- CVE-2010-3160 : Archive Decoder
- CVE-2010-3162 : Apsaly
- CVE-2010-3164 : Fenrir Sleipnir, Grani
- CVE-2010-3165 : Yokka NoEditor, Yokka OuiEditor, Yokka UnEditor, Yokka DeuxEditor, Yokka SQLEditorXP, Yokka SQLEditorTE, Yokka SQLEditor, Yokka SQLEditorClassic
- CVE-2011-0452 : Lunascape
- Linux ���ɂ����郉�C�u�����ǂݍ��ݖ��
- CVE-2010-3182 : Mozilla Firefox, Thunderbird, SeaMonkey
- CVE-2010-3349 : Ardour
- CVE-2010-3350 : bareFTP
- CVE-2010-3351 : Bristol
- CVE-2010-3353 : Cowbell
- CVE-2010-3354 : Dropbox
- CVE-2010-3355 : Ember
- CVE-2010-3357 : gnome-subtitles
- CVE-2010-3358 : HenPlus JDBC SQL-Shell
- CVE-2010-3360 : Hipo
- CVE-2010-3361 : Shrew Soft IKE
- CVE-2010-3362 : lastfm
- CVE-2010-3363 : roaraudio
- CVE-2010-3364 : VIPS
- CVE-2010-3365 : Mistelix
- CVE-2010-3366 : Mn_Fit
- CVE-2010-3369 : mono-debugger
- CVE-2010-3374 : Qt Creator
- CVE-2010-3376 : ROOT
- CVE-2010-3377 : SALOME
- CVE-2010-3378 : Scilab
- CVE-2010-3380 : SLURM
- CVE-2010-3381 : Tangerine
- CVE-2010-3382 : Tuning and Analysis Utilities (TAU)
- CVE-2010-3383 : TeamSpeak
- CVE-2010-3384 : TORCS
- CVE-2010-3385 : TuxGuitar
- CVE-2010-3386 : LTTng Userspace Tracer
- CVE-2010-3389 : SAPDatabase, SAPInstance, OCF Resource Agents
- CVE-2010-3393 : Magics++
- CVE-2010-3394 : TeXmacs
- CVE-2010-3689 : OpenOffice
- CVE-2010-3996 : Centre for Speech Technology Research (CSTR) Festival
- CVE-2010-3998 : Banshee
- CVE-2010-3999 : GnuCash
- CVE-2010-4000 : GNOME Shell
- CVE-2010-4001 : Gromacs
- CVE-2010-4005 : GNOME Tomboy
- CVE-2010-4450 : Java Runtime Environment
- CVE-2011-0532 : Red Hat Directory Server
- CVE-2011-0902 : SunScreen Firewall
