Valid HTML 4.01 Transitional Valid CSS Valid SVG 1.0

Me, myself & IT


ATTENTION: due to the termination of my provider's homepage service, the web pages and all content located below http://home.arcor.de/skanthak/ will become unavailable on January 31, 2017!

All web pages and other content will then be available solely on https://skanthak.homepage.t-online.de/.
Please update your bookmarks and references!


Advisories, (some) comments and disclosures posted on security mailing lists

BugTraq

Advisories, (some) comments and disclosures posted on BugTraq, in chronological order:
2007-10-18
Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07)
Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07)
Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
2007-10-29
Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
2008-03-09
Re: Firewire Attack on Windows Vista
Re: Firewire Attack on Windows Vista
2008-08-08
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
2008-11-18
Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
2009-04-20
Windows Update (re-)installs outdated Flash ActiveX on Windows XP
Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-07-15
Vulnerable DLLs distributed with Terratec HomeCinema 6.3
Vulnerable DLLs distributed with Terratec HomeCinema 6.3
2009-08-31
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
2009-11-28
Windows packages for BIND9 contain vulnerable MSVC runtime components
Windows packages for BIND9 contain vulnerable MSVC runtime components
2010-01-02
Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
2010-02-06
Re: Samba Remote Zero-Day Exploit
Re: Samba Remote Zero-Day Exploit
2010-06-26
Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
2010-09-10
Re: Binary Planting Goes "EXE"
Re: Binary Planting Goes "EXE"
2010-09-20
Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
2010-12-10
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
2011-05-16
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
2011-06-17
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
2011-06-19
Perfect PDF products distributed with vulnerable MSVC++ libraries
Perfect PDF products distributed with vulnerable MSVC++ libraries
2012-03-04
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
2012-05-13
ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
2012-06-19
[Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
[Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
2012-06-25
OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
2012-07-03
Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
2012-08-09
How well does Microsoft support (and follow) their mantra "keep your PC updated"?
How well does Microsoft support (and follow) their mantra "keep your PC updated"?
2012-09-24
"Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
"Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
2012-10-03
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
2012-11-02
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
2012-11-06
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
2013-01-20
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
2013-05-04
Vulnerability in Microsoft Security Essentials <v4.2
Vulnerability in Microsoft Security Essentials <v4.2
2013-05-06
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
2013-05-08
Vulnerability in "Fujitsu Desktop Update" (for Windows)
Vulnerability in "Fujitsu Desktop Update" (for Windows)
2013-05-09
Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
2013-05-19
Defense in depth -- the Microsoft way
Defense in depth -- the Microsoft way
2013-06-03
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
2013-07-10
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
2013-07-22
Defense in depth -- the Microsoft way (part 4)
Defense in depth -- the Microsoft way (part 4)
2013-07-27
Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
2013-08-07
Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
2013-08-08
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
2013-08-11
Re: Apache suEXEC privilege elevation / information disclosure
Re: Apache suEXEC privilege elevation / information disclosure
2013-08-17
Defense in depth -- the Microsoft way (part 7): executable files in data directories
Defense in depth -- the Microsoft way (part 7): executable files in data directories
2013-08-21
Windows Embedded POSReady 2009: cruft, not craft
Windows Embedded POSReady 2009: cruft, not craft
2013-08-24
Defense in depth -- the Microsoft way (part 8): execute everywhere!
Defense in depth -- the Microsoft way (part 8): execute everywhere!
2013-08-31
Defense in depth -- the Microsoft way (part 9): erroneous documentation
Defense in depth -- the Microsoft way (part 9): erroneous documentation
2013-10-01
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
2013-10-19
Defense in depth -- the Microsoft way (part 12): NOOP security fixes
Defense in depth -- the Microsoft way (part 12): NOOP security fixes
2013-11-03
Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
2013-11-08
Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
2013-11-24
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
2014-04-16
Buggy insecure "security" software executes rogue binary during installation and uninstallation
Buggy insecure "security" software executes rogue binary during installation and uninstallation
2014-05-20
Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
2014-05-28
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
2014-07-07
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
2014-07-23
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
2014-08-07
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
2014-08-16
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
2014-09-02
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
2014-09-06
Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
2014-10-24
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
2014-11-27
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
2014-12-13
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
2014-12-30
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
2015-01-31
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
2015-02-11
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft)
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft)
2015-02-19
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-02-21
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
2015-03-15
Defense in depth -- the Mozilla way: return and exit codes are dispensable
Defense in depth -- the Mozilla way: return and exit codes are dispensable
2015-03-15
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
2015-07-01
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-08-04
Mozilla extensions: a security nightmare
Mozilla extensions: a security nightmare
2015-08-05
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
2015-08-12
Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
2015-09-04
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
2015-09-08
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
2015-09-19
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
2015-10-28
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
2015-12-07
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
2015-12-08
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
2015-12-09
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
2015-12-14
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
2015-12-18
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
2015-12-21
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
2015-12-22
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
2015-12-23
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
2015-12-31
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
2016-01-03
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
2016-01-07
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-08
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-13
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
2016-01-15
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
2016-01-19
Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
2016-01-21
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
2016-01-30
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-05
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
2016-02-07
Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-24
Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
2016-02-26
Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
2016-03-01
Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-06
Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-09
Re: Windows Mail Find People DLL side loading vulnerability
Re: Windows Mail Find People DLL side loading vulnerability
2016-03-15
Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
2016-04-18
Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
2016-04-28
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
2016-06-15
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
2016-06-17
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
2016-07-01
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
2016-07-13
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
2016-07-18
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
2016-07-19
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
2016-07-23
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
2016-08-11
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
2016-09-06
Defense in depth -- the Microsoft way (part 43): restricting the DLL load order fails
2016-10-20
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
2016-11-17
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody

Full Disclosure

Advisories, (some) comments and disclosures posted on Full Disclosure, in chronological order:
2008-11-18
Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
2009-04-20
Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-07-16
Vulnerable DLLs distributed with Terratec HomeCinema 6.3
2009-08-31
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
2010-06-26
Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
2010-09-13
Re: Nmap NOT VULNERABLE to Windows DLL HijackingVulnerability
2010-09-15
Re: DLL hijacking with Autorun on a USB drive
2010-09-20
Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
2010-12-13
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
2011-05-16
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
2011-06-17
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
2011-06-19
Perfect PDF products distributed with vulnerable MSVC++ libraries
2011-09-16
Re: Microsoft's Binary Planting Clean-Up Mission
2011-09-22
Re: Fix for NTFS permissions issue in QuickTime 7.xfor Windows
2011-11-14
Microsoft security hotfix MS11-071 alias KB2570947 incomplete
2012-03-02
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
2012-05-13
ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
2012-06-19
[Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
2012-06-25
OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
2012-07-03
Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
2012-07-04
Re: Windows short (8.3) filenames - a security nightmare?
2012-07-09
Re: How much time is appropriate for fixing a bug?
2012-08-09
How well does Microsoft support (and follow) their mantra "keep your PC updated"?
2012-09-24
"Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
2012-10-03
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
2012-11-02
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
2012-11-06
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
2013-01-20
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
2013-05-04
Vulnerability in Microsoft Security Essentials <v4.2
2013-05-05
Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512
2013-05-06
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone System 11
2013-05-08
Vulnerability in "Fujitsu Desktop Update" (for Windows)
2013-05-19
Defense in depth -- the Microsoft way
2013-06-03
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
2013-06-16
Defense in depth -- the Microsoft way (part 3)
2013-07-10
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
2013-07-22
Defense in depth -- the Microsoft way (part 4)
2013-07-27
Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
2013-08-07
Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
2013-08-08
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
2013-08-17
Defense in depth -- the Microsoft way (part 7): executable files in data directories
2013-08-21
Windows Embedded POSReady 2009: cruft, not craft
2013-08-24
Defense in depth -- the Microsoft way (part 8): execute everywhere!
2013-08-31
Defense in depth -- the Microsoft way (part 9): erroneous documentation
2013-09-21
Defense in depth -- the Microsoft way (part 10)
2013-10-02
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
2013-10-19
Defense in depth -- the Microsoft way (part 12): NOOP security fixes
2013-11-03
Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
2013-11-24
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
2014-04-16
Buggy insecure "security" software executes rogue binary during installation and uninstallation
2014-04-30
Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files
2014-05-06
Beginners error: Piriform's Crap Cleaner^W runs rogue program C:\Program.exe
2014-05-08
Beginners error: Synaptics touchpad driver delivered via Windows Update executes rogue program C:\Program.exe with system privileges during installation
2014-05-21
Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
2014-05-28
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
2014-05-29
How to use the vulnerable flash player plugin installed with Adobe Reader XI (and other Adobe products)
2014-05-31
Defense in depth -- the Microsoft way (part 16): our developers and their QA dont follow our own security recommendations
2014-06-25
Defense in depth -- the Microsoft way (part 17): even a one-line script is vulnerable
2014-07-07
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
2014-07-23
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
2014-08-07
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
2014-08-16
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
2014-09-02
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
2014-09-06
Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
2014-10-24
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
2014-11-20
Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ...
2014-11-23
Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data
Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates
2014-11-27
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
2014-12-13
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
2014-12-21
Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable
2014-12-26
Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ...
2014-12-31
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
2015-01-31
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-02-11
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft)
2015-02-19
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-02-21
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
2015-03-15
Defense in depth -- the Mozilla way: return and exit codes are dispensable
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
2015-07-01
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-07-04
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied
2015-08-04
Mozilla extensions: a security nightmare
2015-08-05
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
2015-09-04
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
2015-09-09
Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations
2015-09-11
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
2015-09-19
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
2015-10-13
Mozilla extensions: a security nightmare (part 2)
2015-10-05
Re: Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
2015-10-28
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
2015-11-15
Defense in depth -- the Microsoft way (part 36): CWE-428 or fun with unquoted paths
2015-11-25
Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers
2015-12-05
Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges
2015-12-07
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
2015-12-08
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
2015-12-09
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
2015-12-14
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13
2015-12-18
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
2015-12-21
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
2015-12-22
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
2015-12-23
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
2015-12-31
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
2016-01-03
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
2016-01-07
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-08
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-13
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
2016-01-15
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
2016-01-30
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-05
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
2016-02-07
Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-24
Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
2016-03-01
Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-06
Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-09
Re: Windows Mail Find People DLL side loading vulnerability
2016-03-15
Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
2016-03-22
Executable installers are vulnerable^WEVIL (case 32): Comodo's installers allow arbitrary (remote) code execution WITH escalation of privilege
2016-04-18
Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
2016-04-28
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
2016-05-28
Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking
2016-06-15
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
2016-06-17
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
2016-07-01
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
2016-07-13
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
2016-07-23
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
2016-08-11
Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
2016-08-15
Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege
2016-08-29
Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege
2016-09-06
Defense in depth -- the Microsoft way (part 43): restricting the DLL load order fails
2016-10-12
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
2016-10-20
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
2016-11-17
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
2016-12-29
Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege
2016-12-31
Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege
2017-01-02
Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege
2017-01-13
Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, errors, inaccuracies, omissions, vulnerabilities or weaknesses, …:
don't hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.


[Counter]
• Copyright © 1995-2017 • Stefan Kanthak • <­skanthak­@­arcor­.­de­>