Unpatched hole in ImgBurn disk burning application
According to security specialist Secunia, a highly critical vulnerability in ImgBurn, a lightweight disk burning application, can be used to remotely compromise a user's system. The security issue in the freeware program is reportedly caused by the application loading libraries (dwmapi.dll) in an "insecure manner", which can then lead to the execution of arbitrary code.
The problem has been confirmed to affect version 2.5.4.0 of ImgBurn, the latest release from 12 December; however, previous versions are also likely to be vulnerable. For an attack to be successful, a victim must first open a specially crafted file. As such, users are advised to avoid opening untrusted files.
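A defender-side check for this class of bug, added here as an illustration and not taken from Secunia or the ImgBurn project: it scans a file inventory for copies of the library named in the advisory that sit outside the Windows system directories, and rates them higher when they share a folder with disc image files. It assumes the usual cause of insecure library loading, where the library is requested by name only so that Windows may resolve it from the opened file's folder; the function name, extension list, trusted directories and sample paths are all constructed for the example.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

WATCHLIST = {"dwmapi.dll"}  # library named in the advisory
# Assumption: image extensions a user might open in a burning tool.
DATA_EXTS = {".iso", ".img", ".bin", ".cue", ".nrg"}
# Assumption: default locations of the genuine system copy.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def find_suspect_libraries(paths):
    """Return findings for watch-listed DLLs outside trusted directories.

    Each finding is (dll_path, neighbouring image files, severity).
    Severity is "high" when the DLL shares a folder with image files a
    user might open, otherwise "review".
    """
    by_dir = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        # Windows paths are case-insensitive, so group on the lowered folder.
        by_dir[str(p.parent).lower()].append(p)

    findings = []
    for folder, entries in by_dir.items():
        if folder in TRUSTED_DIRS:
            continue
        data = sorted(str(e) for e in entries if e.suffix.lower() in DATA_EXTS)
        for e in entries:
            if e.name.lower() in WATCHLIST:
                findings.append((str(e), data, "high" if data else "review"))
    return sorted(findings)


# Constructed inventory, e.g. a recursive listing of download folders.
SAMPLE = [
    r"C:\Windows\System32\dwmapi.dll",
    r"C:\Users\alice\Downloads\holiday\photos.iso",
    r"C:\Users\alice\Downloads\holiday\DWMAPI.DLL",
    r"C:\Users\alice\Downloads\tools\dwmapi.dll",
    r"C:\Users\alice\Downloads\tools\readme.txt",
    r"\\fileserver\share\images\backup.cue",
]

if __name__ == "__main__":
    for dll, neighbours, severity in find_suspect_libraries(SAMPLE):
        print(f"[{severity}] {dll} next to {neighbours or 'no image files'}")
```
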
See also:
- ImgBurn Insecure Library Loading Vulnerability, security advisory from Secunia.
(crve)