subject:"Executable installers are vulnerable\^WEVIL \(case 20\)\: TrueCrypt's installers allow arbitrary \(remote\) code execution and escalation of privilege"

Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

2016-01-11 Thread Sarah Allen

TrueCrypt ceased development back in 2014. Please refer to the below link to migrate to an alternative (BitLocker) from TrueCrypt. http://truecrypt.sourceforge.net/ From: Stefan Kanthak Sent: Friday, 8 January 2016 9:32 PM To:

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

2016-01-08 Thread Stefan Kanthak

Hi @ll, the executable installers "TrueCrypt Setup 7.1a.exe" and TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll from their "application directory". For software downloaded with a web browser the application directory is typically the user's "Downloads"