Full Disclosure

Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege

January 4, 2017 007admin Leave a comment

Posted by Stefan Kanthak on Jan 03

Hi @ll,

the executable installer “InstallTinyPDF.exe”, available from
<http://tinypdf.com/downloads.html>, is (surprise.-) vulnerable:

1. DLL hijacking (this is well-known and well-documented; see
<https://cwe.mitre.org/data/definitions/426.html>,
<https://cwe.mitre.org/data/definitions/427.html>
<https://capec.mitre.org/data/definitions/471.html>,
<…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information