Me, myself & IT

CVE identifiers

The following CVE® identifiers have been assigned to vulnerabilities I reported:
CVE-2002-0059
BitDefender Antivirus: Vulnerable zlib
CVE-2005-2056
ClamAV: Quantum Decompressor
CVE-2005-2096
GSview, Virtual Floppy Drive and cURL: Vulnerable zlib
CVE-2010-2568
Microsoft Windows: Shortcut Icon Loading Vulnerability
CVE-2010-3190
Apple iTunes: Untrusted Search Path
CVE-2014-0315
Microsoft Windows: File Handling Vulnerability
CVE-2015-8264
F-Secure Online Scanner: DLL Pre-Loading Attack
CVE-2016-0014
Microsoft Windows: DLL Loading Elevation of Privilege Vulnerability
CVE-2016-0602
Oracle VirtualBox: Windows Installer
CVE-2016-0603
Oracle Java: Windows Installer
CVE-2016-1014
Adobe Flash Player: Vulnerability in the Directory Search Path
CVE-2016-1281
VeraCrypt: Vulnerable Executable Installer
CVE-2016-1742
Apple iTunes: Vulnerable Executable Installer
CVE-2016-4247
Adobe Flash Player: Vulnerability in the Directory Search Path
CVE-2016-6167
PuTTY: Vulnerable Executable Installer
CVE-2016-6804
Apache OpenOffice: Vulnerable Executable Installer
CVE-2016-7085
VMware Workstation: VMware Workstation installer DLL hijacking
CVE-2016-1000331
eclipse-inst-win32.exe is vulnerable to DLL (and was to EXE) hijacking, resulting in arbitrary code execution
CVE-2016-1000332
gnupg-w32cli-1.4.20.exe and all older installers; all installers before gnupg-w32-2.1.14_20160714.exe are vulnerable to DLL hijacking, resulting in arbitrary code execution WITH escalation of privilege
CVE-2016-7804
7z*.exe allows remote code execution with escalation of privilege
CVE-2017-2107
7z*.exe allows remote code execution with escalation of privilege
CVE-2017-5688
Intel® Solid State Drive Toolbox; all installers before version 3.4.5 are vulnerable to DLL hijacking, resulting in arbitrary code execution WITH escalation of privilege

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tips, report broken links, bugs, errors, inaccuracies, omissions, vulnerabilities or weaknesses, …:
don't hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.


Copyright © 1995-2017 • Stefan Kanthak • <‍skanthak‍@‍nexgo‍.‍de‍>