Though not as simple to pull-off for the bad guys as today's drive-by hacking exploits; successful exploitation requires a user first be tricked into visiting an untrusted WebDAV server in the Internet Zone and then double-click on any type of file, this enables attackers to cause a malicious file to be executed on the user's PC.
Because this is not an enabler of traditional drive-by hacking, many dismissed the severity of this vulnerability. However, given the recent publication of a Microsoft Advisory, Insecure Library Loading Could Allow Remote Code Execution, an initial work around published last week and a new tool released just a few days ago that complements last week's workaround and makes it easier to implement, clearly this warrants our attention. With the broad range of software impacted this vulnerability has the potential to wreak havoc within the enterprise and admins are encouraged to implement the workaround using the new Microsoft tool to afford the necessary risk mitigation.
The issue potentially impacts more then 100 applications from Microsoft and third party software vendors. The list of reported vulnerable applications possibly impacted by the Microsoft DLL hijacking issue continues to grow:
(source of above list : http://www.exploit-db.com/dll-hijacking-vulnerable-applications/)