Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

January 8, 2016 007admin Leave a comment

Posted by Stefan Kanthak on Jan 08

Hi @ll,

the executable installers “TrueCrypt Setup 7.1a.exe” and
TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll,
NTMarta.dll and SRClient.dll from their “application directory”.

For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,
<…

007 Software

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

Leave a Reply Cancel reply

Software and Security Information