Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)

From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Wed, 8 Sep 2010 04:10:36 +0800
Be patient.
It won't last for too long.
Even if you're tired of it, those who've been using it for creating
botnets love to see it.



On Tue, Sep 7, 2010 at 2:28 PM, Christian Sciberras <uuf6429 () gmail com> wrote:

I'm getting a bit tired of throwing away these "security advisories".

Really, someone should install a whole load of popular applications, ensure
any of them load their own files, and finally, thanks to a mass dependency
check, ensure DWM is being loaded at runtime.

At least, it would be just one email/thread to trash.





On Tue, Sep 7, 2010 at 8:23 AM, Dan Kaminsky <dan () doxpara com> wrote:


So, what's the security model around .ygwx files?

On Tue, Sep 7, 2010 at 1:57 AM, YGN Ethical Hacker Group <lists () yehg net>
wrote:


The fixed version KeePass 2.13 has been released.

http://keepass.info/news/n100906_2.13.html

But failure to describe "DLL Hijacking was fixed".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: