[tor-bugs] #17895 [Tor bundles/installation]: Tor Browser Bundle subject to DLL hijacking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 18 20:20:55 UTC 2015
#17895: Tor Browser Bundle subject to DLL hijacking
------------------------------------------+--------------------------
Reporter: ericlaw | Owner: erinn
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor bundles/installation | Version: Tor: 0.2.7.6
Severity: Critical | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------------------------+--------------------------
torbrowser-install-5.0.4.exe is vulnerable to DLL hijacking.
Create, e.g. shfolder.dll with a malicious DLL main and observe it runs
when the tor installer is executed from the same downloads folder.
http://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17895>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list