[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Fw: Tortoise SVN latest vulnerable to Windows DLL hijacking

From: Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in>
Date: Mon, 30 Aug 2010 22:20:58 +0530 (IST)


Sorry I forgot to mention the DLLs, dwmapi.dll, TortoiseProc1033.dll and TortoiseProcENU.dll.

I need to open a tmpl file using TortoiseSVN to exploit the issue.


Nikhil Mittal

--- On Mon, 30/8/10, Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in> wrote:

From: Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in>
Subject: Tortoise SVN latest vulnerable to Windows DLL hijacking
To: users_at_tortoisesvn.tigris.org
Date: Monday, 30 August, 2010, 10:13 PM

Hi There,

TortoiseSVN 1.6.10, Build 19898 ( latest available on tigris.org) is vulnerable to Windows DLL Hijacking vulnerability.

I am able to gain a command shell with current user privileges using metasploit. This is to notify you please. Request your consent to make it public.


Nikhil Mittal


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-08-30 19:10:05 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.