WinSCP 5.9.1 DLL Hijacking Exploit (shcore.dll)




Thanks Martin!

I know very little about Windows security and DLL highjacking in particular. Actually, I use Windows (and maintain it for others) since so many years that I was suprised when I first heard that DLL highjacking is considered a vulnerability ;) I mean we oldies always saw it as a (mis)feature. Yet, I am not the one to judge.

I just saw the disclosure and knowing that generally you have already fixed WinSCP when something's disclosed I was wondering what is going on and whether I had missed something.

Thanks a lot for taking care of it.

Reply with quote


You can post new topics in this forum