Topic "WinSCP 5.9.1 DLL Hijacking Exploit (shcore.dll)"

[Reply to topic] [Log in] [Forum Index] [Forum "Support and Bug Reports"] [Previous topic] [Next topic]

Author Message
AndreaS

Guest


Posted: 2016-09-12 12:12
PostWinSCP 5.9.1 DLL Hijacking Exploit (shcore.dll)
[Reply with quote]
Is this being addressed somewhere?
http://www.exploitalert.com/view-details.html?id=24734
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 26480
Location: Prague, Czechia
Posted: 2016-09-12
PostRe: WinSCP 5.9.1 DLL Hijacking Exploit (shcore.dll)
[Reply with quote]
Thanks for your post.

This issue is being tracked here:
https://winscp.net/tracker/show_bug.cgi?id=1459

How exactly do you think you are vulnerable due to this?
AndreaS

Guest


Posted: 2016-09-12 16:05
Post
[Reply with quote]
Thanks Martin!

I know very little about Windows security and DLL highjacking in particular. Actually, I use Windows (and maintain it for others) since so many years that I was suprised when I first heard that DLL highjacking is considered a vulnerability Wink I mean we oldies always saw it as a (mis)feature. Yet, I am not the one to judge.

I just saw the disclosure and knowing that generally you have already fixed WinSCP when something's disclosed I was wondering what is going on and whether I had missed something.

Thanks a lot for taking care of it.
Advertisements

[Reply to topic]

You can post new topics in this forum






Search

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License