Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

AndreaS

Thanks Martin!

I know very little about Windows security and DLL highjacking in particular. Actually, I use Windows (and maintain it for others) since so many years that I was suprised when I first heard that DLL highjacking is considered a vulnerability ;) I mean we oldies always saw it as a (mis)feature. Yet, I am not the one to judge.

I just saw the disclosure and knowing that generally you have already fixed WinSCP when something's disclosed I was wondering what is going on and whether I had missed something.

Thanks a lot for taking care of it.
martin

Re: WinSCP 5.9.1 DLL Hijacking Exploit (shcore.dll)

Thanks for your post.

This issue is being tracked here:
Issue 1459 – DLL hijacking protection

How exactly do you think you are vulnerable due to this?
AndreaS

WinSCP 5.9.1 DLL Hijacking Exploit (shcore.dll)

Is this being addressed somewhere?
<invalid hyperlink removed by admin>