BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution Jan 15 2016 01:36PM
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers python-3.5.1-webinstall.exe and
python-3.5.1.exe available on
<https://www.python.org/downloads/windows/> load and execute
multiple DLLs from their "application directory".

For software downloaded with a web browser the application
directory is typically the user...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus