Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”
-
Our regular security scans are screaming about the vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155).
The installer doesn’t quote the uninstall string appropriately.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\UninstallString is
C:\Program Files\Notepad++\uninstall.exe
when it should be
"C:\Program Files\Notepad++\uninstall.exe"
And similarly in wow64node for 32-bit version.
Can you please tweak the installer to quote this so that people don’t have to waste time “remediating” this?
Phil
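
An added example, not part of the original post and not Notepad++ project code: a read-only PowerShell audit that lists `UninstallString` values with the unquoted-path pattern described above, in both the native and the 32-bit (`Wow6432Node`) registry views. The function name `Test-UnquotedPath` and the sample values are assumptions made for illustration.

```powershell
# Added example: report UninstallString values that are unquoted and contain a space.
# Read-only. Run from a 64-bit PowerShell so both registry views are visible.

function Test-UnquotedPath {
    param([string]$Command)
    $c = $Command.Trim()
    if ($c -eq '' -or $c.StartsWith('"')) { return $false }   # empty, or already quoted
    # Treat everything up to the first ".exe" as the executable path.
    $m = [regex]::Match($c, '(?i)^(.+?\.exe)\b')
    if (-not $m.Success) { return $false }                    # no .exe found; not assessed here
    return $m.Groups[1].Value.Contains(' ')                   # space inside an unquoted path
}

# Self-check on constructed sample values (the first two are the forms quoted in the post).
$samples = @(
    'C:\Program Files\Notepad++\uninstall.exe',
    '"C:\Program Files\Notepad++\uninstall.exe"',
    'MsiExec.exe /X{00000000-0000-0000-0000-000000000000}'
)
foreach ($s in $samples) { '{0,-6} {1}' -f (Test-UnquotedPath $s), $s }

# Audit the machine-wide Uninstall keys in both registry views.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$findings = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $value = $key.GetValue('UninstallString')
        if ($value -and (Test-UnquotedPath ([string]$value))) {
            [pscustomobject]@{
                Key             = $key.Name
                UninstallString = $value
            }
        }
    }
}

$findings | Format-List
```

An empty result from the last command means no machine-wide uninstall entry matched the pattern; per-user entries under `HKCU` are not covered by this example.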
-
@Phil-Randal see here.