Full Disclosure

Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege

August 16, 2016 007admin Leave a comment

Posted by Stefan Kanthak on Aug 16

Hi @ll,

JRT.exe (see <https://en.malwarebytes.com/junkwareremovaltool/>)

1. is vulnerable to DLL hijacking:
see <https://cwe.mitre.org/data/definitions/426.html>
and <https://cwe.mitre.org/data/definitions/427.html> for
these WELL-KNOWN and WELL-DOCUMENTED beginner’s errors;

2. creates an unsafe directory “%TEMP%jrt”:
see <https://cwe.mitre.org/data/definitions/377.html>
and <…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information