Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
Jul 19 2016 02:05PM
Stefan Kanthak (stefan kanthak nexgo de)
eclipse-inst-win32.exe (and of course eclipse-inst-win64.exe
too) loads and executes multiple DLLs (in version 4.5 also
CMD.EXE) from its "application directory".
* version 4.5 ("Mars") on Windows 7:
UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll,
Slc.dll, NTMarta.dll, ProfAPI...
[ more ]
Copyright 2010, SecurityFocus