#1321 Program.exe vulnerability

None
closed
nobody
5
2013-07-04
2012-10-04
Ozzah
No

TeXnicCenter doesn't spawn child processes in a secure way.

Steps to reproduce: Create an executable file called Program.exe which shows a popup message, and place it in your C:\ root directory. Next, create a TeXnicCenter project, put some basic LaTeX code in it, and press CTRL+Shift+F5. Your LaTeX code will fail to compile, and the popup message will be shown.

This is a huge security vulnerability. If Program.exe were malicious and UAC is disabled or TeXnicCenter was running with elevated privileges, then serious damage could result.

I am using TeXnicCenter 1.0 Stable Release Candidate 1

Discussion

  • Ozzah

    Ozzah - 2012-10-04

    Screenshot

     
  • Tino Weinkauf

    Tino Weinkauf - 2012-11-03
    • status: open --> closed
     
  • Tino Weinkauf

    Tino Weinkauf - 2012-11-03

    Sorry, but you can do such a thing with almost all software. Also, you define what software is called by TXC.

     


Anonymous

Cancel  Add attachments





Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks