WinMerge / Bugs / #2182 SECURITY: 2.14.0 Installer vulnerable to DLL Hijacking

#2182 SECURITY: 2.14.0 Installer vulnerable to DLL Hijacking

Milestone: Trunk

Status: closed-fixed

Owner: Takashi Sawanaka

Labels: security (1)

Priority: 3

Updated: 2018-02-25

Created: 2016-03-29

Creator: Eric Lawrence

Private: No

The WinMerge 2.14.0 installer is vulnerable to a DLL hijacking attack of dwmapi.dll, allowing attacker-supplied code to run in the elevated context of the WinMerge installer.

https://textplain.wordpress.com/2015/12/18/dll-hijacking-just-wont-die/

Discussion

Takashi Sawanaka - 2018-02-25

status: open --> closed-fixed

assigned_to: Takashi Sawanaka
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Takashi Sawanaka - 2018-02-25

I think the problem was fixed in 2.15.2 installer which was created by latest inno setup

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SECURITY: 2.14.0 Installer vulnerable to DLL Hijacking

Windows visual diff and merge for files and directories

Group

Searches

Help

#2182 SECURITY: 2.14.0 Installer vulnerable to DLL Hijacking

Discussion