Date: Mon, 23 Jan 2017 23:28:35 +0100
From: "Stefan Kanthak" <>
To: "Ding Dong" <>
Subject: Re: [FD] Executable installers are vulnerable^WEVIL (case 46):
	Pelles C allows arbitrary code execution

"Ding Dong" <> wrote:

Please stop top posting and full quotes!

> Can you elaborate a bit on what special treatment Windows gives installers
> named setup.exe?

Run "NTSD.exe setup.exe" and see which DLLs Windows loads, and how
they are loaded.
Rename setup.exe to something.exe, run "NTSD.exe something.exe" and
compare the results.

JFTR: NTSD.exe was shipped with Windows NT5.x; in newer versions you
      have to install the debugging tools.

If you want to run without debugger: take a look at
<> alias

JFTR: <>
      was referred to in <>

In short: setup.exe lets Windows load some app-compat shims.

stay tuned

> On 21 January 2017 at 20:37, Stefan Kanthak <> wrote:
>> Hi @ll,
>> the executable installers of "Pelle's C",
>> <> and,
>> <>, available
>> from <>, are vulnerable
>> to DLL hijacking: they load (tested on Windows 7) at least the
>> following DLLs from their "application directory" instead of Windows'
>> "system directory": Version.dll, MSI.dll, UXTheme.dll, DWMAPI.dll,
>> RichEd20.dll and CryptBase.dll


>> JFTR: there is ABSOLUTELY no need for executable installers on
>>       Windows! DUMP THIS CRAP!
>> JFTR: naming a program "Setup.exe" is another beginner's error:
>>       Windows does some VERY special things when it encounters
>>       this filename!


Sent through the Full Disclosure mailing list
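
The comparison suggested in the reply above (one debugger run of setup.exe, one of a renamed copy) can be scripted; the following is an added example, not part of the original posts. It assumes the debugger log contains module-load lines of the form `ModLoad: <start> <end>   <path>`; the sample logs, the paths in them and the name ExampleShim.dll are constructed placeholders, not observed output.

```python
import re
from pathlib import PureWindowsPath

# Assumed debugger line format: "ModLoad: <start> <end>   <image path>"
MODLOAD = re.compile(r"^ModLoad:\s+\S+\s+\S+\s+(.+?)\s*$", re.MULTILINE)

# Constructed sample logs (not real debugger output).
SETUP_RUN = r"""
ModLoad: 00400000 0046b000   C:\Users\test\Downloads\setup.exe
ModLoad: 77a40000 77bc0000   C:\Windows\System32\ntdll.dll
ModLoad: 75d10000 75e20000   C:\Windows\System32\kernel32.dll
ModLoad: 6f000000 6f010000   C:\Windows\System32\ExampleShim.dll
ModLoad: 74e00000 74e09000   C:\Users\test\Downloads\Version.dll
"""
RENAMED_RUN = r"""
ModLoad: 00400000 0046b000   C:\Users\test\Downloads\something.exe
ModLoad: 77a40000 77bc0000   C:\Windows\System32\ntdll.dll
ModLoad: 75d10000 75e20000   C:\Windows\System32\kernel32.dll
ModLoad: 74e00000 74e09000   C:\Users\test\Downloads\Version.dll
"""

SYSTEM_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

def loaded_dlls(debugger_log):
    """Return {lowercased DLL name: lowercased directory it was loaded from}."""
    dlls = {}
    for path in MODLOAD.findall(debugger_log):
        p = PureWindowsPath(path)
        if p.suffix.lower() == ".dll":
            dlls.setdefault(p.name.lower(), str(p.parent).lower())
    return dlls

def outside_system_dir(dlls, system_dirs=SYSTEM_DIRS):
    """DLLs loaded from anywhere other than the system directories."""
    allowed = {d.lower() for d in system_dirs}
    return sorted(name for name, folder in dlls.items() if folder not in allowed)

def only_in_first(first, second):
    """DLLs loaded in the first run but absent from the second."""
    return sorted(set(first) - set(second))

if __name__ == "__main__":
    setup, renamed = loaded_dlls(SETUP_RUN), loaded_dlls(RENAMED_RUN)
    print("loaded only when named setup.exe:", only_in_first(setup, renamed))
    print("loaded from outside the system directory:", outside_system_dir(setup))
```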