Full Disclosure

Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege

March 4, 2016 007admin Leave a comment

Posted by Stefan Kanthak on Mar 04

Hi,

putty-0.66-installer.exe loads and executes DWMAPI.dll or
UXTheme.dll from its “application directory”.

For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,
<http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html>
and <…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information