
Me, myself & IT

Advisories, (some) Comments and Disclosures posted on Security Mailing Lists

Advisories, (some) comments and disclosures posted on the BugTraq and Full Disclosure security mailing lists, in chronological order.

Note: BugTraq ceased to work on February 25, 2020 without any notice when its moderators suddenly stopped approving new posts; the mailbox <bugtraq@securityfocus.com> was shut down about a month later, again without any notice!

BugTraq

2007-10-18
Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096)
Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2007-07)
Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096)
2007-10-29
Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096)
2008-03-09
Re: Firewire Attack on Windows Vista
2008-08-08
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
2008-11-18
Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
2009-04-20
Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-07-15
Vulnerable DLLs distributed with Terratec HomeCinema 6.3
2009-08-31
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
2009-11-28
Windows packages for BIND9 contain vulnerable MSVC runtime components
2010-01-02
Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
2010-02-06
Re: Samba Remote Zero-Day Exploit
2010-06-26
Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
2010-09-10
Re: Binary Planting Goes "EXE"
2010-09-20
Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
2010-12-10
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
2011-05-16
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
2011-06-17
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
2011-06-19
Perfect PDF products distributed with vulnerable MSVC++ libraries
2012-03-04
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
2012-05-13
ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
2012-06-19
[Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
2012-06-25
OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
2012-07-03
Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
2012-08-09
How well does Microsoft support (and follow) their mantra "keep your PC updated"?
2012-09-24
"Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
2012-10-03
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
2012-11-02
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
2012-11-06
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
2013-01-20
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
2013-05-04
Vulnerability in Microsoft Security Essentials <v4.2
2013-05-06
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
2013-05-08
Vulnerability in "Fujitsu Desktop Update" (for Windows)
2013-05-09
Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
2013-05-19
Defense in depth -- the Microsoft way
2013-06-03
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
2013-07-10
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
2013-07-22
Defense in depth -- the Microsoft way (part 4)
2013-07-27
Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
2013-08-07
Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
2013-08-08
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
2013-08-11
Re: Apache suEXEC privilege elevation / information disclosure
2013-08-17
Defense in depth -- the Microsoft way (part 7): executable files in data directories
2013-08-21
Windows Embedded POSReady 2009: cruft, not craft
2013-08-24
Defense in depth -- the Microsoft way (part 8): execute everywhere!
2013-08-31
Defense in depth -- the Microsoft way (part 9): erroneous documentation
2013-10-01
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
2013-10-19
Defense in depth -- the Microsoft way (part 12): NOOP security fixes
2013-11-03
Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
2013-11-08
Re: Word 2003 SP2 .doc fork bomb on WinXP SP3
2013-11-24
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
2014-04-16
Buggy insecure "security" software executes rogue binary during installation and uninstallation
2014-05-20
Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
2014-05-28
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
2014-07-07
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
2014-07-23
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
2014-08-07
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
2014-08-16
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
2014-09-02
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
2014-09-06
Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
2014-10-24
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
2014-11-27
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
2014-12-13
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
2014-12-30
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
2015-01-31
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
2015-02-11
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft)
2015-02-19
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-02-21
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
2015-03-15
Defense in depth -- the Mozilla way: return and exit codes are dispensable
2015-03-15
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
2015-07-01
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-08-04
Mozilla extensions: a security nightmare
2015-08-05
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
2015-08-12
Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
2015-09-04
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
2015-09-08
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
2015-09-19
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
2015-10-28
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
2015-12-07
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
2015-12-08
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
2015-12-09
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
2015-12-14
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
2015-12-18
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
2015-12-21
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
2015-12-22
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
2015-12-23
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
2015-12-31
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
2016-01-03
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
2016-01-07
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-08
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-13
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
2016-01-15
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
2016-01-19
Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
2016-01-21
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
2016-01-30
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-05
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
2016-02-07
Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-24
Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
2016-02-26
Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
2016-03-01
Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-06
Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-09
Re: Windows Mail Find People DLL side loading vulnerability
2016-03-15
Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
2016-04-18
Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
2016-04-28
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
2016-06-15
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
2016-06-17
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
2016-07-01
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
2016-07-13
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
2016-07-18
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
2016-07-19
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
2016-07-23
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
2016-08-11
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
2016-10-20
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
2016-11-17
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
2017-01-21
Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
2017-03-21
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
2017-05-31
[CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
2018-01-30
Defense in depth -- the Microsoft way (part 49): fun with application manifests
2018-02-09
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
2018-02-14
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
2018-04-09
Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
2018-05-09
[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
2018-07-04
[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool
2018-07-17
Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
2018-07-18
Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptible to 20+ year old vulnerability
2018-08-01
CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
2018-08-02
Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
2018-08-14
Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
2018-09-02
Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
2018-11-16
[CVE-2018-3635] Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
2018-11-19
Escalation of privilege with Intel Rapid Storage User Interface
2019-01-18
Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability
2019-02-26
Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
2020-01-29
Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)
2020-01-30
[CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED
2020-01-31
Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege
2020-02-24
Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components

Full Disclosure

2008-11-18
Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software
2009-04-20
Windows Update (re-)installs outdated Flash ActiveX on Windows XP
2009-07-16
Vulnerable DLLs distributed with Terratec HomeCinema 6.3
2009-08-31
Vulnerable MSVC++ runtime distributed with OpenOffice.org 3.1.1 for Windows
2010-06-26
Nuance OmniPage 16 Professional installs multiple vulnerable Microsoft runtime libraries
2010-09-13
Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
2010-09-15
Re: DLL hijacking with Autorun on a USB drive
2010-09-20
Vulnerable 3rd-party DLLs used in TrendMicro's malware scanner HouseCall
2010-12-13
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
2011-05-16
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
2011-06-17
Essential PIM 4.22: MANY vulnerabilities in 3rd party libraries
2011-06-19
Perfect PDF products distributed with vulnerable MSVC++ libraries
2011-09-16
Re: Microsoft's Binary Planting Clean-Up Mission
2011-09-22
Re: Fix for NTFS permissions issue in QuickTime 7.x for Windows
2011-11-14
Microsoft security hotfix MS11-071 alias KB2570947 incomplete
2012-03-02
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
2012-05-13
ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED
2012-06-19
[Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
2012-06-25
OpenLimit Reader for Windows contains completely outdated, superfluous and VULNERABLE system components
2012-07-03
Vulnerable Microsoft VC++ 2005 runtime libraries in "Microsoft Live Meeting 2007 Client" installed in private location
2012-07-04
Re: Windows short (8.3) filenames - a security nightmare?
2012-07-09
Re: How much time is appropriate for fixing a bug?
2012-08-09
How well does Microsoft support (and follow) their mantra "keep your PC updated"?
2012-09-24
"Dell Data Protection | Access" for Windows contains and installs outdated, superfluous and vulnerable system components and 3rd party components/drivers
2012-10-03
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by Ogg DirectShow filters
2012-11-02
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
2012-11-06
Vulnerable, superfluous/outdated/deprecated/superseded 3rd party OCXs and DLLs distributed by and installed with Dataram RamDisk 4.0.0
2013-01-20
Mozilla Firefox and Microsoft Internet Explorer stall when using workaround from MS06-020 or MS06-069
2013-05-04
Vulnerability in Microsoft Security Essentials <v4.2
2013-05-05
Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512
2013-05-06
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone System 11
2013-05-08
Vulnerability in "Fujitsu Desktop Update" (for Windows)
2013-05-19
Defense in depth -- the Microsoft way
2013-06-03
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
2013-06-16
Defense in depth -- the Microsoft way (part 3)
2013-07-10
VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
2013-07-22
Defense in depth -- the Microsoft way (part 4)
2013-07-27
Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
2013-08-07
Defense in depth -- the Microsoft way (part 6): beginner's errors, QA sound asleep or out of sight!
2013-08-08
OUTDATED, UNSUPPORTED and VULNERABLE 3rd party components installed with Exact Audio Copy
2013-08-17
Defense in depth -- the Microsoft way (part 7): executable files in data directories
2013-08-21
Windows Embedded POSReady 2009: cruft, not craft
2013-08-24
Defense in depth -- the Microsoft way (part 8): execute everywhere!
2013-08-31
Defense in depth -- the Microsoft way (part 9): erroneous documentation
2013-09-21
Defense in depth -- the Microsoft way (part 10)
2013-10-02
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
2013-10-19
Defense in depth -- the Microsoft way (part 12): NOOP security fixes
2013-11-03
Defense in depth -- the Microsoft way (part 13): surprising and inconsistent behaviour, sloppy coding, sloppy QA, sloppy documentation
2013-11-24
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation
2014-04-16
Buggy insecure "security" software executes rogue binary during installation and uninstallation
2014-04-30
Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files
2014-05-06
Beginners error: Piriform's Crap Cleaner^W runs rogue program C:\Program.exe
2014-05-08
Beginners error: Synaptics touchpad driver delivered via Windows Update executes rogue program C:\Program.exe with system privileges during installation
2014-05-21
Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
2014-05-28
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines
2014-05-29
How to use the vulnerable flash player plugin installed with Adobe Reader XI (and other Adobe products)
2014-05-31
Defense in depth -- the Microsoft way (part 16): our developers and their QA dont follow our own security recommendations
2014-06-25
Defense in depth -- the Microsoft way (part 17): even a one-line script is vulnerable
2014-07-07
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
2014-07-23
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
2014-08-07
Beginners error: QuickTime for Windows runs rogue program C:\Program.exe when opening associated files
2014-08-16
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
2014-09-02
Defense in depth -- the Microsoft way (part 18): Microsoft Office 2010 registers command lines with unquoted pathnames
2014-09-06
Defense in depth -- the Microsoft way (part 19): still no "perfect forward secrecy" per default in Windows 8/7/Vista/Server 2012/Server 2008 [R2]
2014-10-24
Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1
iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries
2014-11-20
Beginners error: "Google update" runs rogue programs %USERPROFILE%\Local.exe, %USERPROFILE%\Local Settings\Application.exe, %SystemDrive%\Documents.exe, %SystemDrive%\Program.exe, ...
2014-11-23
Defense in depth -- the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data
Defense in depth -- the Microsoft way (part 20): Microsoft Update may fail to offer current security updates
2014-11-27
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used)
2014-12-13
Defense in depth -- the Microsoft way (part 23): two quotes or not to quote...
2014-12-21
Defense in depth -- the Microsoft way (part 24): applications built with SDKs may be vulnerable
2014-12-26
Defense in depth -- the Microsoft way (part 25): no secure connections to MSDN, TechNet, ...
2014-12-31
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
2015-01-31
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-02-11
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft)
2015-02-19
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-02-21
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
2015-03-15
Defense in depth -- the Mozilla way: return and exit codes are dispensable
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
2015-07-01
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
2015-07-04
Re: Microsoft Office - OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied
2015-08-04
Mozilla extensions: a security nightmare
2015-08-05
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
2015-09-04
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
2015-09-09
Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations
2015-09-11
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
2015-09-19
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
2015-10-13
Mozilla extensions: a security nightmare (part 2)
2015-10-05
Re: Watch your Downloads: the risk of the "auto-download" feature on Microsoft Edge and Google Chrome
2015-10-28
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
2015-11-15
Defense in depth -- the Microsoft way (part 36): CWE-428 or fun with unquoted paths
2015-11-25
Mitigations for "carpet bombing" alias "directory poisoning" attacks against executable installers
2015-12-05
Defense in depth -- the Microsoft way (part 37): MMC.exe and DrvInst.exe load and execute ".dll" with elevated resp. SYSTEM privileges
2015-12-07
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
2015-12-08
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
2015-12-09
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
2015-12-14
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
Executable installers are vulnerable^WEVIL (case 11): Nmap <7.01 and Nmap-WinPcap <4.13
2015-12-18
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
2015-12-21
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
2015-12-22
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
2015-12-23
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
2015-12-31
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
2016-01-03
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
2016-01-07
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-08
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
2016-01-13
[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
2016-01-15
Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
2016-01-30
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-05
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
2016-02-07
Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-02-24
Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
2016-03-01
Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-06
Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-09
Re: Windows Mail Find People DLL side loading vulnerability
2016-03-15
Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
2016-03-22
Executable installers are vulnerable^WEVIL (case 32): Comodo's installers allow arbitrary (remote) code execution WITH escalation of privilege
2016-04-18
Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
2016-04-28
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
2016-05-28
Defense in depth -- the Microsoft way (part 40): seven+ year old "blended" threat still alive and kicking
2016-06-15
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
2016-06-17
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
2016-07-01
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
2016-07-13
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
2016-07-23
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
2016-08-11
Executable installers are vulnerable^WEVIL (case 38): Microsoft's Windows10Upgrade*.exe allows elevation of privilege
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
2016-08-15
Executable installers are vulnerable^WEVIL (case 39): MalwareBytes' "junkware removal tool" allows escalation of privilege
2016-08-29
Executable installers are vulnerable^WEVIL (case 40): Aviras' full package installers allow escalation of privilege
2016-09-06
Defense in depth -- the Microsoft way (part 43): restricting the DLL load order fails
2016-10-12
Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
2016-10-20
Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
2016-11-17
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
2016-12-29
Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege
2016-12-31
Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege
2017-01-02
Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege
2017-01-13
Executable installers are vulnerable^WEVIL (case 44): SoftMaker's FlexiPDF installers allow escalation of privilege
2017-01-21
Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
2017-01-31
Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking
2017-02-07
Executable installers are vulnerable^WEVIL (case 48): SumatraPDF-3.1.2-installer.exe allows escalation of privilege
2017-02-16
"long" filenames mishandled by Fujitsu's ScanSnap software
2017-03-04
Executable installers are defective^WEVIL (case 1): putty-0.68-installer.exe
2017-03-06
Executable installers are defective^WEVIL (case 2): innosetup-5.5.9.exe and innosetup-5.5.9-unicode.exe
2017-03-21
Defense in depth -- the Microsoft way (part 46): no checks for common path handling errors in "Application Verifier"
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
2017-04-07
Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution
2017-05-04
Executable installers are vulnerable^Wdefective^WEVIL (case 49): xampp-win32-7.1.1-0-VC14-installer.exe allows escalation of privilege
2017-05-26
Executable installers are vulnerable^WEVIL (case 51): escalation of privilege with Microsoft's Azure Recovery Services Agent
2017-05-31
[CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege
2017-06-29
Executable installers are vulnerable^WEVIL (case 52): escalation of privilege with Microsoft's .NET Framework installers
2017-07-05
Defense in depth -- the Microsoft way (part 48): privilege escalation for dummies -- they didn't make SUCH a stupid blunder?
2017-08-17
Executable installers are vulnerable^WEVIL (case 53): escalation of privilege with QNAP's installers for Windows
2017-09-12
R.I.P. Kaspersky Privacy Cleaner: withdrawn due to multiple beginner's errors which allow escalation of privilege
2017-10-09
Executable installers are vulnerable^WEVIL (case 54): escalation of privilege with PostgresSQL installers for Windows
2017-11-30
AMD's buddies for Intel's FDIV bug: _llrem and _ullrem yield wrong remainders!
2018-01-30
Defense in depth -- the Microsoft way (part 49): fun with application manifests
2018-02-05
Defense in depth -- the Microsoft way (part 50); Windows Update shoves unsafe crap as "important" updates to unsuspecting users
2018-02-09
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
2018-02-14
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS
2018-02-17
Mozilla's executable installers: FUBAR (that's spelled "fucked-up beyond all repair")
2018-04-09
Defense in depth -- the Microsoft way (part 53): our MSRC doesn't know how Windows handles PATH
2018-05-09
[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
2018-07-04
[CVE-2018-3667, CVE-2018-3668] Escalation of privilege via executable installer of Intel Processor Diagnostic Tool
2018-07-17
Defense in depth -- the Microsoft way (part 55): new software built with 5.5 year old tool shows 20+ year old vulnerabilities
2018-07-18
Defense in depth -- the Microsoft way (part 56): 10+ year old security update installers are susceptible to 20+ year old vulnerability
2018-08-01
CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
2018-08-02
Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
2018-08-03
Executable installers are vulnerable^WEVIL (case 56): arbitrary code execution WITH escalation of privilege via rufus*.exe
2018-08-14
Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
2018-09-02
Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
2018-09-26
Executable installers are vulnerable^WEVIL (case 57): arbitrary code execution WITH escalation of privilege via Intel Extreme Tuning Utility
2018-11-16
Executable installers are vulnerable^WEVIL (case 59): arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
2018-11-19
Escalation of privilege with Intel Rapid Storage User Interface
2019-01-18
Defense in depth -- the Microsoft way (part 59): we only fix every other vulnerability
2019-02-26
Defense in depth -- the Microsoft way (part 60): same old sins and incompetence!
2019-07-09
Mozilla's MSI installers: FUBAR (that's spelled "fucked-up beyond all repair")
2020-01-29
Defense in depth -- the Microsoft way (part 61): security features are built to fail (or documented wrong)
2020-01-30
[CVE-2019-20358] CVE-2019-9491 in Trend Micro Anti-Threat Toolkit (ATTK) was NOT properly FIXED
2020-01-31
Executable installers are vulnerable^WEVIL (case 58): Intel® Processor Identification Utility - Windows* Version - arbitrary code execution with escalation of privilege
2020-02-24
Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
2020-03-10
Defense in depth -- the Microsoft way (part 63): program defaults, settings, policies ... and (un)trustworthy computing
2020-03-27
Defense in depth -- the Microsoft way (part 64): Windows Defender loads and executes arbitrary DLLs
2020-03-27
Defense in depth -- the Microsoft way (part 65): unsafe, easy to redirect paths all over
2020-03-28
Defense in depth -- the Microsoft way (part 66): attachment manager allows to load arbitrary DLLs
2020-04-13
Defense in depth -- the Microsoft way (part 67): we maintain 20 year old bugs since we don't care about our customers safety and security
2020-06-03
Defense in depth -- the Microsoft way (part 68): qUACkery is futile!
2020-06-03
Defense in depth -- the Microsoft way (part 69): security remarks are as futile as the qUACkery!
2020-07-23
Defense in depth -- the Microsoft way (part 70): CVE-2014-0315 alias MS14-019 revisited
2020-12-15
Defense in depth -- the Microsoft way (part 71): where compatibility means vulnerability
2021-03-03
Defense in depth -- the Microsoft way (part 72): "compatibility" trumps security
2021-03-05
Unholy CRAP: Mozilla's executable installers
2021-03-08
Defense in depth -- the Microsoft way (part 73): ignorance (of security advisories) is bliss!
2021-03-23
CVE-2018-3635 revisited: executable installers are vulnerable^WEVIL (case 60): again arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver
2021-04-02
Defense in depth -- the Microsoft way (part 74): Windows Defender SmartScreen is rather DUMB, it allows denial of service
2021-04-23
Executable installers are vulnerable^WEVIL (case 61): arbitrary code execution WITH escalation of privilege via Intel WiFi Drivers
2021-04-29
Defense in depth -- the Microsoft way (part 75): Bypass of SAFER alias Software Restriction Policies NOT FIXED
Defense in depth -- the Microsoft way (part 76): arbitrary code execution WITH elevation of privilege in user-writable directories below %SystemRoot%
2021-05-18
Defense in depth -- the Microsoft way (part 77): access without access permission
2021-10-13
Defense in depth -- the Microsoft way (part 78): completely outdated, vulnerable open source component(s) shipped with Windows 10&11
2021-10-14
Defense in depth -- the Microsoft way (part 79): Local Privilege Escalation via Windows 11 Installation Assistant
2022-05-10
Defense in depth -- the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe
2023-02-10
Defense in depth -- the Microsoft way (part 81): enabling UTF-8 support breaks existing code
2023-02-22
Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2
2023-03-17
Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistakes, they spill barrels of snakeoil to cover them (or just leave them as-is)
2023-03-22
Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC%
2023-06-07
Defense in depth -- the Microsoft way (part 85): escalation of privilege plus remote code execution with HVCISCAN.exe
2023-10-12
Defense in depth -- the Microsoft way (part 86): shipping rotten software to billions of unsuspecting customers
2024-04-22
Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers
2024-09-24
Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tips, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):


Copyright © 1995–2024 • Stefan Kanthak • <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>