Message-ID: <F04CDE99FE944CB583D23C994F525A69@W340>
Date: Fri, 1 Jul 2016 15:32:34 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: fulldisclosure@...lists.org
Subject: [FD] Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking

Hi @ll,

the executable installer for Microsoft's Visual Studio 2015
Community Edition, available from <https://www.visualstudio.com/>,
is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1
it loads the following DLLs from its "application directory"
instead of Windows' "system directory":

    Version.dll, AppHelp.dll, NTMARTA.dll, CryptSP.dll, RPCRTRemote.dll

Additionally it loads API-MS-Win-Downlevel-ShlWAPI-L2-1-0.dll from
the PATH.

See <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0148>
or <https://technet.microsoft.com/library/security/MS16-041> and
<https://www.securify.nl/advisory/SFY20160201/_net_framework_4_6_allows_side_loading_of_windows_api_set_dll.html>
for a similar vulnerability.

stay tuned
Stefan Kanthak

Timeline:
~~~~~~~~~

2016-06-01    sent vulnerability report to vendor plus US-CERT

              NO RESPONSE from vendor, not even an acknowledgement
              of receipt

2016-06-07    US-CERT tells me that Microsoft informed them that
              they won't act on this report

              still no response from vendor

2016-07-01    report published

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
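Added example, not part of the original message or of any vendor tooling: a defender-side check that looks in the folder an installer is started from, and in the directories on PATH, for files carrying the DLL names listed in the report. The function names, the optional system_dir parameter and the sample folder layout in demo() are assumptions made for this illustration.

```python
import os
import tempfile

# DLL names taken from the advisory above, lower-cased for comparison.
APP_DIR_DLLS = {"version.dll", "apphelp.dll", "ntmarta.dll",
                "cryptsp.dll", "rpcrtremote.dll"}
PATH_DLLS = {"api-ms-win-downlevel-shlwapi-l2-1-0.dll"}

def scan_dir(directory, names):
    """Return sorted paths of regular files in `directory` named like an entry of `names`."""
    try:
        entries = os.listdir(directory)
    except OSError:  # missing or unreadable directory: nothing to report
        return []
    paths = (os.path.join(directory, e) for e in entries if e.lower() in names)
    return sorted(p for p in paths if os.path.isfile(p))

def audit(installer_dir, path_value, system_dir=None):
    """List (location, path) pairs for DLLs the installer could load instead of system copies."""
    # The application directory is searched first, so every listed name matters there.
    findings = [("application directory", p)
                for p in scan_dir(installer_dir, APP_DIR_DLLS | PATH_DLLS)]
    skip = os.path.normcase(os.path.abspath(system_dir)) if system_dir else None
    seen = set()
    for d in path_value.split(os.pathsep):
        key = os.path.normcase(os.path.abspath(d)) if d else None
        if key is None or key == skip or key in seen:
            continue  # empty entry, the system directory itself, or a repeated entry
        seen.add(key)
        findings += [("PATH", p) for p in scan_dir(d, PATH_DLLS)]
    return findings

def demo():
    """Constructed sample: a download folder with an installer and stray DLLs."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "Downloads")
        tools = os.path.join(root, "tools")
        os.makedirs(downloads)
        os.makedirs(tools)
        for name in ("installer.exe", "VERSION.dll", "readme.txt"):
            open(os.path.join(downloads, name), "wb").close()
        open(os.path.join(tools, "API-MS-Win-Downlevel-ShlWAPI-L2-1-0.dll"), "wb").close()
        hits = audit(downloads, tools + os.pathsep + tools)
        return [(where, os.path.basename(p)) for where, p in hits]

if __name__ == "__main__":
    for where, name in demo():
        print(f"{where}: {name}")
```

A hit means only that a file with one of the listed names is present; whether it is legitimate has to be decided by inspecting the file.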