[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Steve Dower added the comment: It's not even that the risk is low, it's that we can't actually fix it. There are zero explicit DLL loads in the installer (either the part we own or the third-party core) that are insecure, and the four DLLs referenced by the third-party core executable that are

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Mark Hammond added the comment: While I agree the risk is fairly low and it will require effort to actually do, it still sounds worth fixing at some point. A user might be tricked into downloading a DLL - eg, Firefox will happily save it without any scary UI - it's just a file. Later they run

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Changes by Jeremy Kloth : -- nosy: +jkloth ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Steve Dower added the comment: Unless you can show that it's loaded after the installer elevates, I'm not concerned. "User can run arbitrary code as themselves" is not a security vulnerability. (Hint: when the bundle elevates, it copies the exe to a new directory and runs it from there to avoi

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Eryk Sun added the comment: > installer attempts to load DLLs from the current directory It's actually the application directory that's the culprit, not the current directory. All supported versions of Windows default to SafeDllSearchMode, which moves the current directory after system directo

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Changes by Christian Ullrich : -- nosy: +Christian.Ullrich ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Changes by Berker Peksag : -- nosy: +steve.dower ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.p

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Changes by anandbhat : Added file: http://bugs.python.org/file43576/Python_3.5.2_64_exe_DLL_Hijack.PNG ___ Python tracker ___ ___ Python-bugs-

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Changes by anandbhat : Removed file: http://bugs.python.org/file43574/Python_3.5.2_64_exe_DLL_Hijack.PNG ___ Python tracker ___ ___ Python-bu

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

Changes by anandbhat : Added file: http://bugs.python.org/file43575/Python_3.5.2_64_exe_version_DLL_Hijack.PNG ___ Python tracker ___ ___ Pyt

[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer

New submission from anandbhat: The Python 3.5.2 Windows x86-64 executable installer (MD5: 4da6dbc8e43e2249a0892d257e977291) downloaded from https://www.python.org/ftp/python/3.5.2/python-3.5.2-amd64.exe is vulnerable to DLL hijacking. The installer attempts to load DLLs from the current direc