Community

    • Login
    • Search
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”

    Security
    2
    2
    723
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Phil Randal
      Phil Randal last edited by

      Our regular security scans are screaming about the vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155).

      The installer doesn’t quote the uninstall string appropriately.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\UninstallString is

      C:\Program Files\Notepad++\uninstall.exe

      when it should be

      “C:\Program Files\Notepad++\uninstall.exe”

      And similarly in wow64node for 32-bit version.

      Can you please tweak the installer to quote this so that people don’t have to waste time “remediating” this?

      Phil

      1 Reply Last reply Reply Quote 0
      • Ekopalypse
        Ekopalypse last edited by

        @Phil-Randal see here.

        1 Reply Last reply Reply Quote 2
        • First post
          Last post
        Copyright © 2014 NodeBB Forums | Contributors