News

Popular Windows programs vulnerable to attack

Some of the world's most popular Windows programs are vulnerable to attacks that exploit a major bug in the way they load critical code libraries.

Among the Windows applications that are vulnerable to these exploits are the Firefox, Chrome, Safari and Opera browsers; Microsoft's Word 2007; Adobe's Photoshop; Skype; and the uTorrent BitTorrent client.

The flaws stem from the way many Windows applications call code libraries -- dubbed "dynamic-link library," or "DLL" -- that allow hackers to trick an application into loading a malicious file with the same name as a required DLL.

If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack a PC and plant malware on it.

Until patches are available, Microsoft has urged users to download the free tool that blocks DLLs from loading from remote directories, USB drives, Web sites and an organization's network.