Community
    • Login

    Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”

    Scheduled Pinned Locked Moved Security
    2 Posts 2 Posters 2.0k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Phil RandalP Offline
      Phil Randal
      last edited by

      Our regular security scans are screaming about the vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155).

      The installer doesn’t quote the uninstall string appropriately.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\UninstallString is

      C:\Program Files\Notepad++\uninstall.exe

      when it should be

      “C:\Program Files\Notepad++\uninstall.exe”

      And similarly in wow64node for 32-bit version.

      Can you please tweak the installer to quote this so that people don’t have to waste time “remediating” this?

      Phil

      1 Reply Last reply Reply Quote 0
      • EkopalypseE Offline
        Ekopalypse
        last edited by

        @Phil-Randal see here.

        1 Reply Last reply Reply Quote 2

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • First post
          Last post
        The Community of users of the Notepad++ text editor.
        Powered by NodeBB | Contributors