[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer
Mark Hammond
report at bugs.python.org
Mon Jul 4 04:26:45 EDT 2016
Mark Hammond added the comment:
While I agree the risk is fairly low and it will require effort to actually do, it still sounds worth fixing at some point. A user might be tricked into downloading a DLL - eg, Firefox will happily save it without any scary UI - it's just a file. Later they run our "trusted" download from the same directory and we screw them - even if the attacker can't elevate they can do damage.
----------
nosy: +mhammond
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27410>
_______________________________________
More information about the Python-bugs-list
mailing list