Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege

Posted by Stefan Kanthak on Mar 09

Hi @ll,

the executable installer clamwin-0.99-setup.exe (available from
<http://www.clamwin.com/download>) loads and executes DWMAPI.dll
or UXTheme.dll from its “application directory”.

For software downloaded with a web browser the application
directory is typically the user’s “Downloads” directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,
<…
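
A defender-side check for the condition the post describes, added here as an example that is not part of the original post: it lists DLLs lying in a download directory beside executables and flags the two names the post mentions. The function names, the watch list and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# DLL names taken from the post; extending the set is left to the reader (assumption).
WATCHED_DLLS = frozenset({"dwmapi.dll", "uxtheme.dll"})


def audit_download_dir(directory, watched=WATCHED_DLLS):
    """Return findings for DLLs that an installer started from `directory`
    could pick up from its application directory.

    Each finding is (dll_name, severity, executables_in_same_dir):
      "high" - the name is on the watch list (compared case-insensitively,
               as Windows does when resolving file names)
      "info" - any other DLL lying loose beside downloaded executables
    """
    entries = [p for p in Path(directory).iterdir() if p.is_file()]
    exes = sorted(p.name for p in entries if p.suffix.lower() == ".exe")
    findings = []
    for p in sorted(entries, key=lambda e: e.name.lower()):
        if p.suffix.lower() != ".dll":
            continue
        severity = "high" if p.name.lower() in watched else "info"
        findings.append((p.name, severity, exes))
    return findings


def demo():
    """Build a constructed Downloads directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed, empty sample files; only the names matter for the check.
        for name in ("clamwin-0.99-setup.exe", "UXTheme.dll",
                     "helper.dll", "notes.txt"):
            Path(tmp, name).write_bytes(b"")
        return audit_download_dir(tmp)


if __name__ == "__main__":
    for name, severity, exes in demo():
        beside = ", ".join(exes) or "(no executables)"
        print(f"[{severity}] {name} sits beside: {beside}")
```

Pointing `audit_download_dir` at a real Downloads directory before running a freshly downloaded installer shows whether any DLL is already sitting there.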
