DLL loading vulnerability
- Thursday, August 26, 2010, 2:49
- Threat Research
Scarcely had we got our breath back after Microsoft addressed a serious vulnerability in the handling of .LNK (shortcut) files when researcher HD Moore made public a serious security failure in the dynamic loading of libraries in Windows, which came to light while he was investigating the .LNK issue. Microsoft has already released its corresponding advisory, explaining the details of this new vulnerability.
This vulnerability is a bug in the loading of dynamic libraries by various applications for Windows. Initially it was thought that some forty applications were affected. More recent analysis suggests that the number of affected applications is higher, but details on which applications are affected are still scanty. Microsoft states that incorrectly coded libraries exhibiting the bug "could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location."
In order to exploit this security flaw, the user has to have run a vulnerable file from a location controlled by the attacker. This location may vary: it can be a shared resource on the local network, a WebDAV share or any USB storage device. When the application associated with the management of that file opens it, a DLL is loaded that may have (continue reading...)
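An added example, not from the original post or from Microsoft's advisory: a defender-side check that flags DLL loads whose path sits on one of the location types named above (network share, WebDAV, USB storage). The event tuples, the `removable_drives` parameter and the function names are assumptions made for illustration, and the WebDAV test is a heuristic based on how Windows presents WebDAV locations as UNC paths.

```python
import ntpath

# Constructed image-load records (process, loaded DLL path); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Viewer\viewer.exe", r"C:\Windows\System32\version.dll"),
    (r"C:\Program Files\Viewer\viewer.exe", r"\\fileserver\public\docs\codec.dll"),
    (r"C:\Program Files\Viewer\viewer.exe", r"\\files.example@SSL\DavWWWRoot\share\codec.dll"),
    (r"C:\Program Files\Viewer\viewer.exe", r"E:\photos\plugin.dll"),
]


def classify_location(path, removable_drives=frozenset()):
    """Classify a Windows path as webdav, network-share, removable or local."""
    drive, _ = ntpath.splitdrive(path)
    if drive.startswith("\\\\"):
        # UNC path: splitdrive returns \\host\share as the drive part.
        host, _, share = drive[2:].partition("\\")
        # Heuristic: the Windows WebDAV redirector exposes locations as
        # \\host@SSL\DavWWWRoot\... or \\host@port\...
        if "@" in host or share.lower() == "davwwwroot":
            return "webdav"
        return "network-share"
    # Assumption: the caller supplies the drive letters known to be removable
    # media (for example from a drive inventory); mapped network drives would
    # need the same treatment and are not resolved here.
    if drive.upper() in removable_drives:
        return "removable"
    return "local"


def flag_untrusted_loads(events, removable_drives=frozenset()):
    """Return (process name, DLL path, location) for DLLs loaded from non-local paths."""
    findings = []
    for process, dll in events:
        location = classify_location(dll, removable_drives)
        if location != "local":
            findings.append((ntpath.basename(process), dll, location))
    return findings


if __name__ == "__main__":
    # Assumption for the sample data: E: is a USB storage device.
    for finding in flag_untrusted_loads(SAMPLE_EVENTS, removable_drives={"E:"}):
        print(finding)
```
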