oss-sec mailing list archives
Re: CVE request: GnuPG classic & GnuPG modern
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Mon, 18 Apr 2016 19:02:13 +0200
Kurt Seifried wrote:
I suspect we're going to need a tiny bit more context around this request. Like... what's the CVE for?
Loading of multiple Windows system DLLs from the installers application directory instead of Windows' system directory, a.k.a. DLL hijacking. Well-known and well-documented for example in <https://cwe.mitre.org/data/definitions/426.html> <https://cwe.mitre.org/data/definitions/427.html> <https://capec.mitre.org/data/definitions/471.html> On Windows 7: uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, sfc.dll, sfc_os.dll, userenv.dll, profapi.dll, dwmapi.dll, mpr.dll On other versions of Windows: a similar list. regards Stefan
On Mon, Apr 18, 2016 at 4:49 AM, Stefan Kanthak <stefan.kanthak () nexgo de> wrote:Hi, please assign (1 or 2, as you like) CVEs for GnuPG classic and GnuPG modern. regards Stefan Kanthak
Current thread:
- CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
- Message not available
- Re: CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
- Re: CVE request: GnuPG classic & GnuPG modern cve-assign (Apr 21)
- Re: CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
- Message not available