Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege

February 25, 2016 007admin Leave a comment

Posted by Jernej Simončič on Feb 25

[snip]

Can’t reproduce – tested on Windows XP SP3, Windows 7 x64 SP1 and
Windows 10 x64 (10586.104), and I tested not only with
gimp-2.8.16-setup-1.exe, but also with gimp-2.8.14-setup-1.exe and
gimp-2.8.10-setup.exe – none of them triggered anything from
sentinel.dll/uxtheme.dll.

This is what I expected – the way Inno Setup works, the downloaded
executable installer has a stub which extracts the real installer to a
subdirectory of %TEMP%,…

007 Software

Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege

Leave a Reply Cancel reply

Software and Security Information