[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Fw: Tortoise SVN latest vulnerable to Windows DLL hijacking

From: Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in>
Date: Mon, 30 Aug 2010 22:20:58 +0530 (IST)

Hi,

Sorry I forgot to mention the DLLs, dwmapi.dll, TortoiseProc1033.dll and TortoiseProcENU.dll.

I need to open a tmpl file using TortoiseSVN to exploit the issue.

Regards,

Nikhil Mittal

--- On Mon, 30/8/10, Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in> wrote:

From: Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in>
Subject: Tortoise SVN latest vulnerable to Windows DLL hijacking
To: users_at_tortoisesvn.tigris.org
Date: Monday, 30 August, 2010, 10:13 PM

Hi There,

TortoiseSVN 1.6.10, Build 19898 ( latest available on tigris.org) is vulnerable to Windows DLL Hijacking vulnerability.
http://www.microsoft.com/technet/security/advisory/2269637.mspx

I am able to gain a command shell with current user privileges using metasploit. This is to notify you please. Request your consent to make it public.

Regards,

Nikhil Mittal

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653164

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-08-30 19:10:05 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.