Ok. We get your point. On Dec 16, 2015 9:04 PM, "Stefan Kanthak" <[email protected]> wrote:
> Hi @ll, > > the executable installers of Nmap-7.00 and prior versions (see > <https://nmap.org/download.html>) as well as WinPcap-Nmap-4.12 and > prior versions (included in nmap-7.00-win32.zip and prior versions) > are built with the vulnerable Nullsoft Scriptable Install System > (NSIS) (see <http://seclists.org/fulldisclosure/2015/Dec/32> for > details). > > > These executable installers are vulnerable and allow arbitrary > (remote) code execution and escalation of privilege via the well- > known attacks already published in the advisory regarding NSIS and > the advisory <http://seclists.org/fulldisclosure/2015/Nov/101> titled > Mitigations for "carpet bombing" alias "directory poisoning" attacks > against executable installers. > > > Nmap-7.01 and WinPcap-Nmap-4.13 have been released and fix these > vulnerabilities. > > > stay tuned > Stefan Kanthak > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
