Advisories, (some) Comments and Disclosures posted on Security Mailing Lists
Advisories, (some) comments and disclosures posted on the
BugTraq
BugTraq
and
Full Disclosure
security mailing lists, in chronological order.
Note:
BugTraq
ceased to work on February 25, 2020 without any notice when its
moderators suddenly stopped to approve new posts; the mailbox
<bugtraq@securityfocus.com>
was shut down about a month later, again without any notice!
BugTraq
- 2007-10-18
- Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
- Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
- Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07)
- Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07)
- Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
- Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
- 2007-10-29
- Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
- Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
- 2008-03-09
- Re: Firewire Attack on Windows Vista
- Re: Firewire Attack on Windows Vista
- 2008-08-08
- Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
- Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
- 2008-11-18
- Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
- Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
- 2009-04-20
- Windows Update (re-)installs outdated Flash ActiveX on Windows XP
- Windows Update (re-)installs outdated Flash ActiveX on Windows XP
- 2009-07-15
- Vulnerable DLLs distributed with Terratec HomeCinema 6.3
- Vulnerable DLLs distributed with Terratec HomeCinema 6.3
- 2009-08-31
- Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
- Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
- 2009-11-28
- Windows packages for BIND9 contain vulnerable MSVC runtime components
- Windows packages for BIND9 contain vulnerable MSVC runtime components
- 2010-01-02
- Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
- Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
- 2010-02-06
- Re: Samba Remote Zero-Day Exploit
- Re: Samba Remote Zero-Day Exploit
- 2010-06-26
- Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
- Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
- 2010-09-10
- Re: Binary Planting Goes "EXE"
- Re: Binary Planting Goes "EXE"
- 2010-09-20
- Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
- Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
- 2010-12-10
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- 2011-05-16
- Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
- Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
- 2011-06-17
- Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
- Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
- 2011-06-19
- Perfect PDF products distributed with vulnerable MSVC++ libraries
- Perfect PDF products distributed with vulnerable MSVC++ libraries
- 2012-03-04
- %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
- %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
- 2012-05-13
- ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
- ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
- 2012-06-19
- [Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
- [Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
- 2012-06-25
- OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
- OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
- 2012-07-03
- Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
- Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
- 2012-08-09
- How well does Microsoft support (and follow) their mantra "keep your PC updated"?
- How well does Microsoft support (and follow) their mantra "keep your PC updated"?
- 2012-09-24
- "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
- "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
- 2012-10-03
- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
- 2012-11-02
- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
- 2012-11-06
- Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
- Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
- 2013-01-20
- Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
- Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
- 2013-05-04
- Vulnerability in Microsoft Security Essentials <v4.2
- Vulnerability in Microsoft Security Essentials <v4.2
- 2013-05-06
- VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
- VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
- 2013-05-08
- Vulnerability in "Fujitsu Desktop Update" (for Windows)
- Vulnerability in "Fujitsu Desktop Update" (for Windows)
- 2013-05-09
- Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
- Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
- 2013-05-19
- Defense in depth -- the Microsoft way
- Defense in depth -- the Microsoft way
- 2013-06-03
- Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
- Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
- 2013-07-10
- VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
- VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
- 2013-07-22
- Defense in depth -- the Microsoft way (part 4)
- Defense in depth -- the Microsoft way (part 4)
- 2013-07-27
- Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
- Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
- 2013-08-07
- Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
- Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
- 2013-08-08
- OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
- OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
- 2013-08-11
- Re: Apache suEXEC privilege elevation / information disclosure
- Re: Apache suEXEC privilege elevation / information disclosure
- 2013-08-17
- Defense in depth -- the Microsoft way (part 7): executable files in data directories
- Defense in depth -- the Microsoft way (part 7): executable files in data directories
- 2013-08-21
- Windows Embedded POSReady 2009: cruft, not craft
- Windows Embedded POSReady 2009: cruft, not craft
- 2013-08-24
- Defense in depth -- the Microsoft way (part 8): execute everywhere!
- Defense in depth -- the Microsoft way (part 8): execute everywhere!
- 2013-08-31
- Defense in depth -- the Microsoft way (part 9): erroneous documentation
- Defense in depth -- the Microsoft way (part 9): erroneous documentation
- 2013-10-01
- Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
- Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
- 2013-10-19
- Defense in depth -- the Microsoft way (part 12): NOOP security fixes
- Defense in depth -- the Microsoft way (part 12): NOOP security fixes
- 2013-11-03
- Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
- 2013-11-08
- Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
- Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
- 2013-11-24
- Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
- Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
- 2014-04-16
- Buggy insecure "security" software executes rogue binary during installation and uninstallation
- Buggy insecure "security" software executes rogue binary during installation and uninstallation
- 2014-05-20
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
- 2014-05-28
- Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
- Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
- 2014-07-07
- iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
- iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
- 2014-07-23
- Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- 2014-08-07
- Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
- Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
- 2014-08-16
- Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
- Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
- Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
- Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
- Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
- Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
- 2014-09-02
- Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
- Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
- 2014-09-06
- Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
- Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
- 2014-10-24
- Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
- Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
- iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
- iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
- 2014-11-27
- Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
- Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
- 2014-12-13
- Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
- Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
- 2014-12-30
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
- 2015-01-31
- Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
- Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
- 2015-02-11
- [ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft)
- [ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft)
- 2015-02-19
- Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
- Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
- iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- 2015-02-21
- Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
- Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
- 2015-03-15
- Defense in depth -- the Mozilla way: return and exit codes are dispensable
- Defense in depth -- the Mozilla way: return and exit codes are dispensable
- 2015-03-15
- Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
- Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
- Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
- Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
- 2015-07-01
- iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- 2015-08-04
- Mozilla extensions: a security nightmare
- Mozilla extensions: a security nightmare
- 2015-08-05
- Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
- Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
- 2015-08-12
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- 2015-09-04
- Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
- Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
- 2015-09-08
- Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
- Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
- 2015-09-19
- Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
- Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
- 2015-10-28
- Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
- Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
- 2015-12-07
- Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
- 2015-12-08
- Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
- Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
- Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
- 2015-12-09
- Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
- 2015-12-14
- Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
- Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
- 2015-12-18
- Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
- Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
- 2015-12-21
- Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
- Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
- Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
- 2015-12-22
- Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
- Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
- 2015-12-23
- Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
- 2015-12-31
- Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
- Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
- 2016-01-03
- Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
- Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
- 2016-01-07
- Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
- 2016-01-08
- Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
- 2016-01-13
- [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
- [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
- 2016-01-15
- Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
- Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
- Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
- Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
- 2016-01-19
- Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
- Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
- 2016-01-21
- Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
- Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
- 2016-01-30
- Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- 2016-02-05
- [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- 2016-02-07
- Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- 2016-02-24
- Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
- Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
- Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
- 2016-02-26
- Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
- 2016-03-01
- Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
- 2016-03-06
- Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
- 2016-03-09
- Re: Windows Mail Find People DLL side loading vulnerability
- Re: Windows Mail Find People DLL side loading vulnerability
- 2016-03-15
- Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
- Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
- 2016-04-18
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
- 2016-04-28
- Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
- Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
- 2016-06-15
- [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
- [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
- 2016-06-17
- [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
- [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
- 2016-07-01
- Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
- Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
- 2016-07-13
- [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
- [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
- 2016-07-18
- [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
- [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
- 2016-07-19
- Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
- Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
- 2016-07-23
- Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
- Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
- Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
- Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
- 2016-08-11
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
- 2016-10-20
- Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
- Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
- Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
- Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
- 2016-11-17
- Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
- Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
- 2017-01-21
- Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
- Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
- 2017-03-21
- Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
- Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
- 2017-05-31
- [CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
- [CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
- 2018-01-30
- Defense in depth -- the Microsoft way (part 49): fun with application manifests
- Defense in depth -- the Microsoft way (part 49): fun with application manifests
- 2018-02-09
- Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
- Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
- 2018-02-14
- Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
- Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
- 2018-04-09
- Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
- Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
- 2018-05-09
- [ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
- [ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
- 2018-07-04
- [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool
- [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool
- 2018-07-17
- Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
- Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
- 2018-07-18
- Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability
- Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability
- 2018-08-01
- CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
- CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
- 2018-08-02
- Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
- Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
- 2018-08-14
- Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
- 2018-09-02
- Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
- 2018-11-16
- [CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
- 2018-11-19
- Escalation of privilege with Intel Rapid Storage User Interface
- 2019-01-18
- Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability
- 2019-02-26
- Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
- 2020-01-29
- Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)
- 2020-01-30
- [CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED
- 2020-01-31
- Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege
- 2020-02-24
- Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
- Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
Full Disclosure
- 2008-11-18
- Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
- 2009-04-20
- Windows Update (re-)installs outdated Flash ActiveX on Windows XP
- 2009-07-16
- Vulnerable DLLs distributed with Terratec HomeCinema 6.3
- 2009-08-31
- Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
- 2010-06-26
- Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
- 2010-09-13
- Re: Nmap NOT VULNERABLE to Windows DLL HijackingVulnerability
- 2010-09-15
- Re: DLL hijacking with Autorun on a USB drive
- 2010-09-20
- Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
- 2010-12-13
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
- 2011-05-16
- Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
- 2011-06-17
- Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
- 2011-06-19
- Perfect PDF products distributed with vulnerable MSVC++ libraries
- 2011-09-16
- Re: Microsoft's Binary Planting Clean-Up Mission
- 2011-09-22
- Re: Fix for NTFS permissions issue in QuickTime 7.xfor Windows
- 2011-11-14
- Microsoft security hotfix MS11-071 alias KB2570947 incomplete
- 2012-03-02
- %windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
- 2012-05-13
- ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
- 2012-06-19
- [Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
- 2012-06-25
- OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
- 2012-07-03
- Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
- 2012-07-04
- Re: Windows short (8.3) filenames - a security nightmare?
- 2012-07-09
- Re: How much time is appropriate for fixing a bug?
- 2012-08-09
- How well does Microsoft support (and follow) their mantra "keep your PC updated"?
- 2012-09-24
- "Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
- 2012-10-03
- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
- 2012-11-02
- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
- 2012-11-06
- Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
- 2013-01-20
- Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
- 2013-05-04
- Vulnerability in Microsoft Security Essentials <v4.2
- 2013-05-05
- Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512
- 2013-05-06
- VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
- VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone System 11
- 2013-05-08
- Vulnerability in "Fujitsu Desktop Update" (for Windows)
- 2013-05-19
- Defense in depth -- the Microsoft way
- 2013-06-03
- Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
- 2013-06-16
- Defense in depth -- the Microsoft way (part 3)
- 2013-07-10
- VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
- 2013-07-22
- Defense in depth -- the Microsoft way (part 4)
- 2013-07-27
- Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
- 2013-08-07
- Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
- 2013-08-08
- OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
- 2013-08-17
- Defense in depth -- the Microsoft way (part 7): executable files in data directories
- 2013-08-21
- Windows Embedded POSReady 2009: cruft, not craft
- 2013-08-24
- Defense in depth -- the Microsoft way (part 8): execute everywhere!
- 2013-08-31
- Defense in depth -- the Microsoft way (part 9): erroneous documentation
- 2013-09-21
- Defense in depth -- the Microsoft way (part 10)
- 2013-10-02
- Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
- 2013-10-19
- Defense in depth -- the Microsoft way (part 12): NOOP security fixes
- 2013-11-03
- Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
- 2013-11-24
- Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
- 2014-04-16
- Buggy insecure "security" software executes rogue binary during installation and uninstallation
- 2014-04-30
- Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files
- 2014-05-06
- Beginners error: Piriform's Crap Cleaner^W runs rogue program C:\Program.exe
- 2014-05-08
- Beginners error: Synaptics touchpad driver delivered via Windows Update executes rogue program C:\Program.exe with system privileges during installation
- 2014-05-21
- Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
- 2014-05-28
- Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
- 2014-05-29
- How to use the vulnerable flash player plugin installed with Adobe Reader XI (and other Adobe products)
- 2014-05-31
- Defense in depth -- the Microsoft way (part 16): our developers and their QA dont follow our own security recommendations
- 2014-06-25
- Defense in depth -- the Microsoft way (part 17): even a one-line script is vulnerable
- 2014-07-07
- iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
- 2014-07-23
- Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
- 2014-08-07
- Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
- 2014-08-16
- Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
- Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
- Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
- 2014-09-02
- Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
- 2014-09-06
- Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
- 2014-10-24
- Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
- iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
- 2014-11-20
- Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ...
- 2014-11-23
- Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data
- Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates
- 2014-11-27
- Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
- 2014-12-13
- Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
- 2014-12-21
- Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable
- 2014-12-26
- Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ...
- 2014-12-31
- Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
- 2015-01-31
- Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
- iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- 2015-02-11
- [ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft)
- 2015-02-19
- Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
- iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- 2015-02-21
- Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
- 2015-03-15
- Defense in depth -- the Mozilla way: return and exit codes are dispensable
- Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
- Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
- 2015-07-01
- iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- 2015-07-04
- Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied
- 2015-08-04
- Mozilla extensions: a security nightmare
- 2015-08-05
- Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
- 2015-09-04
- Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
- 2015-09-09
- Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations
- 2015-09-11
- Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
- 2015-09-19
- Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
- 2015-10-13
- Mozilla extensions: a security nightmare (part 2)
- 2015-10-05
- Re: Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
- 2015-10-28
- Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
- 2015-11-15
- Defense in depth -- the Microsoft way (part 36): CWE-428 or fun with unquoted paths
- 2015-11-25
- Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers
- 2015-12-05
- Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges
- 2015-12-07
- Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
- 2015-12-08
- Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
- Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
- 2015-12-09
- Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
- 2015-12-14
- Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
- Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13
- 2015-12-18
- Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
- 2015-12-21
- Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
- Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
- 2015-12-22
- Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
- 2015-12-23
- Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
- 2015-12-31
- Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
- 2016-01-03
- Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
- 2016-01-07
- Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
- 2016-01-08
- Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
- 2016-01-13
- [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
- 2016-01-15
- Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
- Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
- 2016-01-30
- Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- 2016-02-05
- [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- 2016-02-07
- Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- 2016-02-24
- Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
- Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
- 2016-03-01
- Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
- 2016-03-06
- Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
- 2016-03-09
- Re: Windows Mail Find People DLL side loading vulnerability
- 2016-03-15
- Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
- 2016-03-22
- Executable installers are vulnerable^WEVIL (case 32): Comodo's installers allow arbitrary (remote) code execution WITH escalation of privilege
- 2016-04-18
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
- 2016-04-28
- Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
- 2016-05-28
- Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking
- 2016-06-15
- [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
- 2016-06-17
- [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
- 2016-07-01
- Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
- 2016-07-13
- [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
- 2016-07-23
- Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
- Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
- 2016-08-11
- Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
- 2016-08-15
- Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege
- 2016-08-29
- Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege
- 2016-09-06
- Defense in depth -- the Microsoft way (part 43): restricting the DLL load order fails
- 2016-10-12
- Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
- 2016-10-20
- Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
- 2016-11-17
- Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
- 2016-12-29
- Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege
- 2016-12-31
- Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege
- 2017-01-02
- Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege
- 2017-01-13
- Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege
- 2017-01-21
- Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
- 2017-01-31
- Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking
- 2017-02-07
- Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege
- 2017-02-16
- "long" filenames mishandled by Fujitsu's ScanSnap software
- 2017-03-04
- Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe
- 2017-03-06
- Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe
- 2017-03-21
- Defense in depth -- the Microsoft way (part 46): no checks for common path handling errors in "Application Verifier"
- Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
- 2017-04-07
- Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution
- 2017-05-04
- Executable installers are vulnerable^Wdefective^WEVIL (case 49): xampp-win32-7.1.1-0-VC14-installer.exe allows escalation of privilege
- 2017-05-26
- Executable installers are vulnerable^WEVIL (case 51): escalation of privilege with Microsoft's Azure Recovery Services Agent
- 2017-05-31
- [CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
- 2017-06-29
- Executable installers are vulnerable^WEVIL (case 52): escalation of privilege with Microsoft's .NET Framework installers
- 2017-07-05
- Defense in depth -- the Microsoft way (part 48): privilege escalation for dummies -- they didn't make SUCH a stupid blunder?
- 2017-08-17
- Executable installers are vulnerable^WEVIL (case 53): escalation of privilege with QNAP's installers for Windows
- 2017-09-12
- R.I.P. Kaspersky Privacy Cleaner: withdrawn due to multiple begiinner's errors which allow escalation of privilege
- 2017-10-09
- Executable installers are vulnerable^WEVIL (case 54): escalation of privilege with PostgresSQL installers for Windows
- 2017-11-30
- AMD's buddies for Intel's FDIV bug: _llrem and _ullrem yield wrong remainders!
- 2018-01-30
- Defense in depth -- the Microsoft way (part 49): fun with application manifests
- 2018-02-05
- Defense in depth -- the Microsoft way (part 50); Windows Update shoves unsafe crap as "important" updates to unsuspecting users
- 2018-02-09
- Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
- 2018-02-14
- Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
- 2018-02-17
- Mozilla's executable installers: FUBAR (that's spelled "fucked-up beyond all repair")
- 2018-04-09
- Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
- 2018-05-09
- [ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
- 2018-07-04
- [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool
- 2018-07-17
- Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
- 2018-07-18
- Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptiblle to 20+ year old vulnerability
- 2018-08-01
- CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
- 2018-08-02
- Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
- 2018-08-03
- Executable installers are vulnerable^WEVIL (case 56): arbitrary code execution WITH escalation of privilege via rufus*.exe
- 2018-08-14
- Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
- 2018-09-02
- Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
- 2018-09-26
- Executable installers are vulnerable^WEVIL (case 57): arbitrary code execution WITH escalation of privilege via Intel Extreme Tuning Utility
- 2018-11-16
- Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
- 2018-11-19
- Escalation of privilege with Intel Rapid Storage User Interface
- 2019-01-18
- Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability
- 2019-02-26
- Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
- 2019-07-09
- Mozilla's MSI installers: FUBAR (that's spelled "fucked-up beyond all repair")
- 2020-01-29
- Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)
- 2020-01-30
- [CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED
- 2020-01-31
- Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege
- 2020-02-24
- Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
- 2020-03-10
- Defense in depth -- the Microsoft way (part 63): program defaults, settings, policies ... and (un)trustworthy computing
- 2020-03-27
- Defense in depth -- the Microsoft way (part 64): Windows Defender loads and exeutes arbitrary DLLs
- 2020-03-27
- Defense in depth -- the Microsoft way (part 65): unsafe, easy to redirect paths all over
- 2020-03-28
- Defense in depth -- the Microsoft way (part 66): attachment manager allows to load arbitrary DLLs
- 2020-04-13
- Defense in depth -- the Microsoft way (part 67): we maintain 20 year old bugs since we don't care about our customers safety and security
- 2020-06-03
- Defense in depth -- the Microsoft way (part 68): qUACkery is futile!
- 2020-06-03
- Defense in depth -- the Microsoft way (part 69): security remarks are as futile as the qUACkery!
- 2020-07-23
- Defense in depth -- the Microsoft way (part 70): CVE-2014-0315 alias MS14-019 revisited
- 2020-12-15
- Defense in depth -- the Microsoft way (part 71): where compatibility means vulnerability
- 2021-03-03
- Defense in depth -- the Microsoft way (part 72): "compatibility" trumps security
- 2021-03-05
- Unholy CRAP: Mozilla's executable installers
- 2021-03-08
- Defense in depth -- the Microsoft way (part 73): ignorance (of security advisories) is bliss!
- 2021-03-23
- CVE-2018-3635 revisited: executable installers are vulnerable^WEVIL (case 60): again arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
- 2021-04-02
- Defense in depth -- the Microsoft way (part 74): Windows Defender SmartScreen is rather DUMB, it allows denial of service
- 2021-04-23
- Executable installers are vulnerable^WEVIL (case 61): arbitrary code execution WITH escalation of privilege via Intel WiFi Drivers
- 2021-04-29
- Defense in depth -- the Microsoft way (part 75): Bypass of SAFER alias Software Restriction Policies NOT FIXED
- Defense in depth -- the Microsoft way (part 76): arbitrary code execution WITH elevation of privilege in user-writable directories below %SystemRoot%
- 2021-05-18
- Defense in depth -- the Microsoft way (part 77): access without access permission
- 2021-10-13
- Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
- 2021-10-14
- Defense in depth -- the Microsoft way (part 79): Local Privilege Escalation via Windows 11 Installation Assistant
- 2022-05-10
- Defense in depth -- the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe
- 2023-02-10
- Defense in depth -- the Microsoft way (part 81): enabling UTF-8 support breaks existing code
- 2023-02-22
- Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2
- 2023-03-17
- Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is)
- 2023-03-22
- Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC%
Contact
If you miss anything here, have additions, comments, corrections,
criticism or questions, want to give feedback, hints or tipps,
report broken links, bugs, deficiencies, errors, inaccuracies,
misrepresentations, omissions, shortcomings, vulnerabilities or
weaknesses, …: don’t hesitate to
contact me
and feel free to ask, comment, criticise, flame, notify or report!
Use the
X.509
certificate
to send
S/MIME
encrypted mail.
Note: email in weird format and without a proper
sender name is likely to be discarded!
I dislike
HTML (and even
weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your
nickname.
I abhor top posts and expect inline quotes in replies.
Terms and Conditions
By using this site, you signify your agreement to these terms and
conditions. If you do not agree to these terms and conditions, do
not use this site!
- The software and the documentation on this site are provided
as is
without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising
from the use of the software or the documentation.
- Permission is granted to use the current version of
the software and the current version of the
documentation solely for personal private and non-commercial
purposes.
An individuals use of the software or the documentation in his or
her capacity or function as an agent, (independent) contractor,
employee, member or officer of a business, corporation or
organisation (commercial or non-commercial) does not qualify as
personal private and non-commercial purpose.
- Without written approval from the author the software or the
documentation must not be used for a business, for
commercial, corporate, governmental, military or organisational
purposes of any kind, or in a commercial, corporate, governmental,
military or organisational environment of any kind.
- Redistribution of the software and the documentation is allowed only
in unmodified form of its current version and free
of charge.
Data Protection Declaration
This web page records no (personal) data and stores no
cookies
in the web browser.
The web service is operated and provided by
Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<hosting@telekom.de>
+49 800 5252033
The web service provider stores a session cookie
in the web
browser and records every visit of this web site with the following
data in an access log on their server(s):
- the (pseudonymised)
IP address;
- the date and time of the request;
- the URL of
the requested web page or file;
- the Referer and User-Agent
HTTP
headers sent by the web browser;
- the result (success or failure) of the request;
- the amount of data received and sent.
Copyright © 1995–2023 • Stefan Kanthak •
<stefan.kanthak@nexgo.de>