• Login
Community
  • Login

Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”

Scheduled Pinned Locked Moved Security
2 Posts 2 Posters 1.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    Phil Randal
    last edited by Sep 20, 2019, 2:54 PM

    Our regular security scans are screaming about the vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155).

    The installer doesn’t quote the uninstall string appropriately.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\UninstallString is

    C:\Program Files\Notepad++\uninstall.exe

    when it should be

    “C:\Program Files\Notepad++\uninstall.exe”

    And similarly in wow64node for 32-bit version.

    Can you please tweak the installer to quote this so that people don’t have to waste time “remediating” this?

    Phil

    1 Reply Last reply Reply Quote 0
    • E
      Ekopalypse
      last edited by Sep 20, 2019, 3:05 PM

      @Phil-Randal see here .

      1 Reply Last reply Reply Quote 2
      1 out of 2
      • First post
        1/2
        Last post
      The Community of users of the Notepad++ text editor.
      Powered by NodeBB | Contributors