Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”



  • Our regular security scans are screaming about the vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155).

    The installer doesn’t quote the uninstall string appropriately.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\UninstallString is

    C:\Program Files\Notepad++\uninstall.exe

    when it should be

    “C:\Program Files\Notepad++\uninstall.exe”

    And similarly in wow64node for 32-bit version.

    Can you please tweak the installer to quote this so that people don’t have to waste time “remediating” this?

    Phil
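A read-only check for the condition described in the post, as an added example that is not part of the original post or of the Notepad++ installer: it lists `UninstallString` values under the 64-bit and 32-bit (`WOW6432Node`) Uninstall keys that are unquoted paths containing a space. The function name `Test-UnquotedPath` is hypothetical, and the sample strings in the self-check are constructed, apart from the two quoted in the post.

```powershell
# Added example (not from the post): report unquoted UninstallString paths.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Test-UnquotedPath {
    # Hypothetical helper: true when the executable path is unquoted AND has a space.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $false }
    $v = $Value.Trim()
    if ($v.StartsWith('"')) { return $false }   # already quoted
    # Executable path = everything up to the first ".exe" followed by space or end.
    $m = [regex]::Match($v, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }
    return $m.Groups[1].Value.Contains(' ')
}

# Self-check on sample values (first two are from the post, the rest constructed).
$samples = [ordered]@{
    'C:\Program Files\Notepad++\uninstall.exe'      = $true
    '"C:\Program Files\Notepad++\uninstall.exe"'    = $false
    'MsiExec.exe /X{00000000-0000-0000-0000-000000000000}' = $false
    'C:\Program Files\Example App\unins000.exe /S'  = $true
}
foreach ($s in $samples.Keys) {
    if ((Test-UnquotedPath $s) -ne $samples[$s]) { throw "Self-check failed: $s" }
}

# Enumerate both registry views; nothing is modified.
$findings = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        $value = $props.UninstallString
        if (Test-UnquotedPath $value) {
            [pscustomobject]@{
                Product         = $key.PSChildName
                RegistryRoot    = $root
                UninstallString = $value
            }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```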



