[Nasm-bugs] [Bug 3392457] DLL hijacking in NASM installer leading to arbitary code execution ( stable release )
no-reply at bugzilla-nasm.gorcunov.org
no-reply at bugzilla-nasm.gorcunov.org
Wed Jan 3 07:02:59 PST 2018
https://bugzilla.nasm.us/show_bug.cgi?id=3392457
--- Comment #4 from Cyrill Gorcunov <gorcunov at gmail.com> ---
Hardly.
1) There is a need to download an installer
2) There is a need to place a malicious dll into the directory from where the
installed will run.
Thus you need a physical access to the machine to initiate this action.
Moreover, if you have a malicious dll there most likely you already compromised
and running nsis installer is the least problem you have.
So i think it should rather be considered as a plain bug and we should address
it anyhow (probably by updating nsis version).
--
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.
More information about the Nasm-bugs
mailing list