[issue27410] DLL hijacking vulnerability in Python 3.5.2 installer
Steve Dower
report at bugs.python.org
Wed Jun 29 09:35:21 EDT 2016
Steve Dower added the comment:
Unless you can show that it's loaded after the installer elevates, I'm not concerned. "User can run arbitrary code as themselves" is not a security vulnerability. (Hint: when the bundle elevates, it copies the exe to a new directory and runs it from there to avoid this issue.)
I'll leave this open for a few days in case of more comments.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27410>
_______________________________________