Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
Jul 18 2016 04:40PM
Stefan Kanthak (stefan kanthak nexgo de)
this is basically a followup to <http://seclists.org/oss-sec/2016/q1/58>
CVE-2016-1281 is NOT FIXED!
I've retested the current "VeraCrypt Setup 1.17.exe" on a fully
patched Windows 7, and it is STILL (or AGAIN) vulnerable there.
The following DLLs are loaded from the "application directo...
[ more ]
Copyright 2010, SecurityFocus