Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT

Acknowledgements, bounties, citations, credits, kudos, references, rewards and thanks

Security Advisory; QNAP; 2017-12-08
Security Advisory for DLL Hijacking vulnerability in Qsync for Windows (exe)
Security Advisory; Cisco; 2017-11-15
Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
Acknowledgments – October 2017; Microsoft; 2017-10-10
Defense-in-depth
The MSRC Top 100 Security Researchers; Microsoft; 2017-08-07
The MSRC Top 100 Security Researchers
Security Advisory; Intel SSD Toolbox; 2017-05-30
Elevation of Privilege in Intel® Solid State Drive Toolbox
Akila Srinivasan, Microsoft Security Response Center; Microsoft; 2016-10-27
The inner workings of the Microsoft Bounty Program: Top 100 Finders for 2016
Security Advisory; Apache OpenOffice; 2016-10-11
Windows Installer Execution of Arbitrary Code with Elevated Privileges
Security Researcher Acknowledgments Online Services – Prior Months; Microsoft; 2016-09
September & October 2016 Security Researchers
Security Advisory; VMware; 2016-09-13
VMSA-2016-0014
VMSA-2016-0014
Contribute & Reference list; MITRE; 2016-07-29
Contribute – ATT&CK
Reference list – ATT&CK
Catalin Cimpanu; Softpedia; 2016-07-26
Windows 10 Disk Cleanup Utility Abused to Bypass UAC
Thanks; cURL; 2016-07-21
cURL – THANKS
Vulnerability note; PuTTY; 2016-07-19
PuTTY vulnerability vuln-indirect-dll-hijack
Security Bulletin; Adobe; 2016-07-12
Adobe Security Bulletin APSB16-25
Will Dormann; CERT/CC; 2016-06-30
Bypassing Application Whitelisting
Security Advisory; cURL; 2016-05-30
cURL – Windows DLL hijacking
iTunes security; Apple; 2016-05-16
About the security content of iTunes 12.4
Security Bulletin; Adobe; 2016-04-07
Adobe Security Bulletin APSB16-10
Comodo Internet Security Release Notes; Comodo; 2016-03-22
Comodo Internet Security Release Notes
Vulnerability Reward Program Hall of Fame; F-Secure; 2016
2016 – Hall of Fame
Customer Advisory; ESET; 2016-02-19
ESET Customer Advisory: Mitigations for vulnerabilities in ESET’s EXE installers
Check Point response to ZoneAlarm DLL injection; Check Point; 2016-02-18
Check Point response to ZoneAlarm DLL injection
Catalin Cimpanu; Softpedia; 2016-02-08
DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice
Eduard Kovacs; SecurityWeek; 2016-02-08
Oracle Patches Java Installer Vulnerability
Richard Chirgwin; The Register; 2016-02-08
Oracle issues emergency patch for Java on Windows
Oracle Security Alert; Oracle; 2016-02-05
Oracle Security Alert for CVE-2016-0603
WiX v3.10.2 released; FireGiant; 2016-01-21
WiX v3.10.2 released
Oracle Critical Patch Update Advisory – January 2016; Oracle; 2016-01-19
Oracle Critical Patch Update Advisory – January 2016
Release Notes; VeraCrypt; 2016-01-18
Release Notes, 1.17-BETA17 (January 18th, 2016)
Changelog CloneBD Blu-ray Media Converter; Elaborate Bytes; 2016-01-14
Changelog CloneBD Blu-ray Media Converter
Acknowledgments – 2016; Microsoft; 2016-01-12
MS16-007 (DLL Loading Elevation of Privilege Vulnerability)
MS16-007 (DLL Loading Elevation of Privilege Vulnerability)
Security Advisory; VeraCrypt Team, Mounir IDRASSI; 2016-01-11
CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege
Vulnerability report; Emsisoft; 2016-01-08
Vulnerability report – emsisoft.de
Vulnerability Report: List of Advisories; Kaspersky Lab; 2015-12-23
Advisory issued on 23th December, 2015
Information Security; Rapid7; 2015-12-21
ScanNow DLL Search Order Hijacking Vulnerability and Deprecation
Vulnerability Reward Program Hall of Fame; F-Secure; 2015
2015 – Honorable Mentions
Security Advisory; F-Secure; 2015-12-17
FSC-2015-4: DLL pre-loading attack in Online Scanner
Security Bulletin; Intel; 2015-12-14
Intel Security – Security Bulletin: Security patch for several McAfee installers and uninstallers
Change log; Nmap; 2015-12-09
Nmap Changelog
Security Advisory; Gpg4win; 2015-11-25
Security Advisory Gpg4win 2015-11-25
Richard Chirgwin; The Register; 2015-11-03
Dev to Mozilla: Please dump ancient Windows install processes
Jason Shirk, Microsoft Security Response Center; Microsoft; 2015-10-20
Microsoft Bounty Program: Making it to the MSRC Top 100
Threat Intelligence Database; scip AG; 2015-09-18
Apple iTunes up to 12.2 buffer overflow [CVE-2010-3190]
iTunes security; Apple; 2015-09-11
About the security content of iTunes 12.3
Catalin Cimpanu; Softpedia; 2015-08-05
Mozilla Thunderbird 38+ Poses Security Risk via Its Lightning Extension
Security Researcher Acknowledgments Online Services – Prior Months; Microsoft; 2015-06
June & July 2015 Security Researchers
Acknowledgments – 2014; Microsoft; 2014-08-12
MS14-049 (Defense-in-depth changes)
Security Bulletin; Microsoft; 2014-08-12
Microsoft Security Bulletin MS14-049 – Important
Microsoft Security Bulletin Summary for August 2014
Security Researcher Acknowledgments Online Services – Prior Months; Microsoft; 2014-05
May 2014 Security Researchers
Threat Intelligence Database; scip AG; 2014-05-22
HP HP OfficeJet 6700 Driver Installer privilege escalation
Threat Intelligence Database; scip AG; 2014-04-09
Microsoft Windows up to 2012 R2 Batch File Handler CreateProcess() buffer overflow
Acknowledgments – 2014; Microsoft; 2014-04-08
MS14-019 (Windows File Handling Vulnerability)
Security Bulletin; Microsoft; 2014-04-08
Microsoft Security Bulletin MS14-019 – Critical
Microsoft Security Bulletin Summary for April 2014
Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau; Northwestern Journal of Technology & Intellectual Property, Volume 12 Issue 1 (2014); 2014-04-08
Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet
Charalampos harkaz Kazakos; 2013-09-09
Welcome to Windows XP Service Pack 4
Threat Intelligence Database; scip AG; 2013-08-28
Mozilla Firefox/Thunderbird prior 23.0 on Windows Path Handler UninstallString privilege escalation
Threat Intelligence Database; scip AG; 2013-05-13
Microsoft Security Essentials up to 4.1 Registry buffer overflow
Cal Leeming; 2013-05-10
Analysis of Cisco 7940, SIP ALG and NAT traversal problems
Bojan Zdrnja; Internet Storm Center; 2010-08-23
DLL hijacking vulnerabilities
Security Bulletin; Microsoft; 2010-08-02
Microsoft Security Bulletin MS10-046 – Critical
Microsoft Security Bulletin Summary for August 2010
Ray Johnston; Ghostscript; 2010-02-01
History of Ghostscript versions 8.xx
Detailed History of Ghostscript versions 8.xx
Holger Klemm; Multimedia4Linux; 2009-01-03
DVD-RAM Howto
Olof Lagerkvist; LTR Data; 2008-05-28
Tools and utilities for Windows
Ken Kato; VM Back; 2008-02-06
Virtual Floppy Drive 2.1: vulnerable zlib
Virtual Floppy Drive 2.1: vulnerable zlib
Jürgen Schmidt; The H Security; 2007-12-21
Antivirus software as a malware gateway
Mike Barwise; The H Security; 2007-10-22
BitDefender, GSView and cURL are vulnerable due to obsolete compression library
Linux Weekly News; 2005-06-27
ClamAV: denial of service
Paul Whittaker; Diet-PC; 2004-11-07
Configuring Windows 2000/2003 for Etherboot
Ralph Briel; Outlook Express FAQ; 2003
3.23 Wie kann ich das Euro-Währungssymbol korrekt verschicken?
Johann Ebend; Windows 2000 FAQ; 2002
Windows 2000 FAQ
Mariusz Zynel; Multi-booting Solaris and other operating systems; 2001-11-11
I.1 Preface
I.4 History
Andrew Clausen; GNU parted; 2000-02-23
parted-3.2/THANKS

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, errors, inaccuracies, omissions, vulnerabilities or weaknesses, …:
don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.


Copyright © 1995–2017 • Stefan Kanthak • <‍skanthak‍@‍nexgo‍.‍de‍>