Fw: Tortoise SVN latest vulnerable to Windows DLL hijacking

From: Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in>
Date: Mon, 30 Aug 2010 22:20:58 +0530 (IST)

Hi,

Sorry I forgot to mention the DLLs, dwmapi.dll, TortoiseProc1033.dll and TortoiseProcENU.dll.

I need to open a tmpl file using TortoiseSVN to exploit the issue.

Regards,

Nikhil Mittal

--- On Mon, 30/8/10, Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in> wrote:

From: Nikhil Mittal <nikhil_uitrgpv_at_yahoo.co.in>
Subject: Tortoise SVN latest vulnerable to Windows DLL hijacking
To: users_at_tortoisesvn.tigris.org
Date: Monday, 30 August, 2010, 10:13 PM

Hi There,

TortoiseSVN 1.6.10, Build 19898 ( latest available on tigris.org) is vulnerable to Windows DLL Hijacking vulnerability.
http://www.microsoft.com/technet/security/advisory/2269637.mspx

I am able to gain a command shell with current user privileges using metasploit. This is to notify you please. Request your consent to make it public.

Regards,

Nikhil Mittal

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653164

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-08-30 19:10:05 CEST

This message: [ Message body ]
Next message: Stefan Küng: "Re: tortoiseproc checkout path modified"
Previous message: Michael j. Hudgins: "SSH key does not not work for CVS checkout"
Maybe in reply to: Nikhil Mittal: "Tortoise SVN latest vulnerable to Windows DLL hijacking"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]