Fortinet Discovers Vulnerability in Microsoft Windows 7
Fortinet's FortiGuard Labs has discovered a vulnerability in the way Microsoft Windows 7 loads the distributed library file "peerdist.dll".
SolutionsUsers should apply the solution provided by Microsoft.
A remote code execution vulnerability exists in the way that Microsoft Windows handles the loading of DLL files. An attacker who successfully exploits this vulnerability could take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability requires a user to open a document contained within the same working directory as a specially crafted DLL file. The specially crafted DLL will be loaded into memory giving the attacker control of the affected system in the security context of the logged-on user.
Haifei Li of Fortinet's FortiGuard Labs