Mar 25, 2011 16:31 GMT

Google has released a new version of its Picasa image organizing software in order to address a vulnerability that could be exploited to execute arbitrary code remotely.

According to vulnerability research vendor Secunia, which rates it as highly critical, the flaw allows for attacks known as DLL hijacking or binary planting.

This type of vulnerability stems from the use of an insecure search path when a library loading function is not given an exact location.

An attacker can leverage such flaws to trick applications into loading rogue DLLs. This occurs when the working directory is given priority over other locations or when the program attempts to load a file that's not available on the system.

For example, an application might attempt to load a Vista or Win 7-only library when running on Windows XP. If the DLL is not found, the program continues working normally.

However, someone who knows about this could create a library with the same name and trick the application into loading it by placing it in the working directory.

The working directory is the folder from which the action is triggered. If the action is, for example, the opening of an image file, the working directory would be the folder containing the image.
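The two conditions described above can be checked with a small audit script. The following is an added example, not code from the article or from Google: it is a simplified model in which a library name is resolved against an ordered list of directories, and every file and directory name in it is hypothetical and constructed for the demonstration.

```python
import os
import tempfile

UNTRUSTED = {"cwd"}  # labels of directories a remote party may control

def resolve(dll_name, search_order):
    """Return the label of the first directory that holds dll_name, or None."""
    for label, directory in search_order:
        if os.path.isfile(os.path.join(directory, dll_name)):
            return label
    return None

def audit(dll_names, search_order):
    """Classify each library name under one ordered (label, directory) list."""
    searches_untrusted = any(label in UNTRUSTED for label, _ in search_order)
    findings = {}
    for name in dll_names:
        hit = resolve(name, search_order)
        if hit is None:
            # Load fails quietly today; a same-named file in cwd would be picked up.
            findings[name] = "NOT_FOUND_PLANTABLE" if searches_untrusted else "NOT_FOUND"
        elif hit in UNTRUSTED:
            findings[name] = "FROM_WORKING_DIR"
        else:
            findings[name] = "TRUSTED"
    return findings

def demo():
    """Build a constructed directory tree and audit it under three search orders."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {k: os.path.join(root, k) for k in ("app", "system", "cwd")}
        for path in dirs.values():
            os.mkdir(path)
        # Constructed files; all names are hypothetical.
        layout = [("app", "app_helper.dll"), ("system", "common.dll"),
                  ("cwd", "common.dll"), ("cwd", "newos_only.dll")]
        for label, name in layout:
            open(os.path.join(dirs[label], name), "wb").close()
        names = ["app_helper.dll", "common.dll", "newos_only.dll", "absent.dll"]
        orders = {"cwd_first": ("app", "cwd", "system"),
                  "cwd_last": ("app", "system", "cwd"),
                  "no_cwd": ("app", "system")}
        return {key: audit(names, [(k, dirs[k]) for k in order])
                for key, order in orders.items()}

if __name__ == "__main__":
    for order, findings in demo().items():
        print(order, findings)
```

Moving the working directory to the end of the search order protects libraries that exist in a trusted location, but a library that exists nowhere else still resolves from the working directory; only a search order without it closes both cases.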

Since Picasa can load pictures from network shares or remote WebDAV resources, potential attackers don't need access to the local system in order to load the malicious file, as long as they can trick a victim into opening the image from a location they control.

This Picasa DLL hijacking vulnerability was discovered by Makoto Shiotsuki and was reported via JPCERT/CC. It affects versions of the program older than 3.8. Hundreds of applications, including some of the most popular ones, have been found vulnerable to this attack vector.

The latest version of Picasa Photo Organizer can be downloaded from here.