#1374 generated Self-Extractor is unsecure

open
1
2013-09-11
2013-09-11
nekero8
No

After to generate a self-Extractor using the command
"C:\Program Files (x86)\7-Zip\7z.exe" a -sfx"y:\test.sfx" TestSelfExtractor.exe -ir!"TestInstaller.msi"
Using the tool BinScope I had reviewed if the generated TestSelfExtractor.exe had accomplishment some security best practice to avoid injection of another executable and I get the following report:
======================
Failed checks
E:\TestSelfExtractor.exe - NXCheck ( FAIL )
Information :
Image is not marked as NX compatible
E:\TestSelfExtractor.exe - SafeSEHCheck ( FAIL )
Information :
No SAFESEH (LOAD_CONFIG absent)
E:\TestSelfExtractor.exe - DBCheck ( FAIL )
======================

for further information about this Best Practice take a look at:
http://msdn.microsoft.com/en-us/magazine/cc337897.aspx#S2

As expected result generated self-extractor should have set the NX bit, DB bit ans SafeSEH

Discussion

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks