Community
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Login

    Nessus reports vulnerability “Microsoft Windows Unquoted Service Path Enumeration”

    Security
    2
    2
    835
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Phil RandalP
      Phil Randal
      last edited by

      Our regular security scans are screaming about the vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155).

      The installer doesn’t quote the uninstall string appropriately.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\UninstallString is

      C:\Program Files\Notepad++\uninstall.exe

      when it should be

      “C:\Program Files\Notepad++\uninstall.exe”

      And similarly in wow64node for 32-bit version.

      Can you please tweak the installer to quote this so that people don’t have to waste time “remediating” this?

      Phil

      1 Reply Last reply Reply Quote 0
      • EkopalypseE
        Ekopalypse
        last edited by

        @Phil-Randal see here.

        1 Reply Last reply Reply Quote 2
        • First post
          Last post
        The Community of users of the Notepad++ text editor.
        Powered by NodeBB | Contributors