Microsoft Groove 2007 Insecure Library Loading Vulnerability
( MS11-016; CVE-2011-0108 )
Summary
A remote code execution vulnerability has been reported in the way that the popular Microsoft Groove 2007 collaboration tool handles the loading of DLL files. A remote attacker could exploit this issue to take complete control of an affected system.
Details
Microsoft Office Groove 2007 is a collaboration software program for working on a broad range of project activities, from simple document collaboration to custom solutions integrated with business processes.
The vulnerability occurs because Microsoft Groove 2007 incorrectly restricts the path used for loading external libraries; this is another instance of what is called a "DLL preloading" or "binary planting" attack. An attacker could convince a user to open a legitimate Groove-related file (such as a .vcg or .gta file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Groove 2007 could attempt to load the DLL file and execute any code it contained. Successful exploitation of this vulnerability could allow the attacker to take complete control of a targeted system.
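The precondition described above, a DLL sitting in the same directory as a Groove file, can be audited on a file share. The following is an added example, not part of the original advisory or any vendor tooling; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions the advisory names as Groove-related document types.
GROOVE_EXTS = {".vcg", ".gta"}
LIBRARY_EXTS = {".dll"}


def find_colocated_libraries(root):
    """Return {directory: {"documents": [...], "libraries": [...]}} for every
    directory under root that holds both a Groove file and a DLL."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        docs, libs = [], []
        for name in filenames:
            ext = Path(name).suffix.lower()  # Windows file names are case-insensitive
            if ext in GROOVE_EXTS:
                docs.append(name)
            elif ext in LIBRARY_EXTS:
                libs.append(name)
        if docs and libs:  # only co-location matters, not either type alone
            findings[dirpath] = {"documents": sorted(docs), "libraries": sorted(libs)}
    return findings


def build_sample_share(base):
    """Create a constructed sample tree (all file names are made up)."""
    layout = {
        "projects/alpha": ["plan.vcg", "helper.DLL", "notes.txt"],
        "projects/beta": ["archive.gta"],
        "tools/bin": ["runtime.dll"],
    }
    for rel, names in layout.items():
        directory = Path(base) / rel
        directory.mkdir(parents=True)
        for name in names:
            (directory / name).write_bytes(b"")
    return layout


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for directory, hit in find_colocated_libraries(share).items():
            print(directory, hit)
```

A hit is a lead for review rather than proof of tampering: the DLL still has to be checked against what is expected in that directory.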
Affected Products
This issue exists in Microsoft Groove 2007 SP2.
Solution
Check Point IPS Software Blade and NGX SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking the transfer of suspicious DLL files via CIFS and WebDAV protocols. For more information, see CPAI-2011-051.
Originally Published:
Last Updated: 08-Mar-2011