Code::Blocks / Tickets / #299 SECURITY: Windows installer subject to DLL Hijacking

A free C, C++ and Fortran IDE

#299 SECURITY: Windows installer subject to DLL Hijacking

Milestone: Next_Nightly

Status: fixed

Owner: Morten MacFly

Labels: None

Type: Bug_Report

Updated: 2016-02-17

Created: 2016-02-14

Private: No

The current v16 Windows installer is built with NSIS 2.46 which suffers from a security vulnerability described here: https://textplain.wordpress.com/2015/12/18/dll-hijacking-just-wont-die/.

Please upgrade to NSIS2.5 to fix the issue.

Thanks!

Discussion

Morten MacFly - 2016-02-14

What installer(s) exactly? We have many of them and most should be using a way more recent NSIS.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Eric Lawrence - 2016-02-16

I tried both codeblocks-16.01-setup.exe and codeblocks-16.01mingw-setup.exe and both were built with the older NSIS. NSIS 2.5 was only released in December.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Morten MacFly - 2016-02-17

status: pending --> fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link: