Posted by Stefan Kanthak on Apr 20

Hi @ll,

the executable installers of G-Data’s “security” products for
Windows, available from <https://www.gdata.de/downloads>, allow
escalation of privilege!

The downloadable executables are self-extractors containing the
real executable installer as resource: they create the subdirectory
%TEMP%{guidguid-guid-guid-guid-guidguidguid}
using another resource containing the hardcoded value of this GUID,
extract the real…