Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege

Posted by Stefan Kanthak on Jan 08

Hi @ll,

the executable installers ZASPSetupWeb_141_011_000.exe and
zafwSetupWeb_141_011_000.exe load and execute (at least)
UXTheme.dll, WindowsCodecs.dll and ProfAPI.dll from their
“application directory”.

For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,…

Leave a Reply