Vigil@nce - GnuPG: code execution during installation
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to download malicious libraries
on Windows, in order to run code during the installation of GnuPG.
Impacted products: GnuPG.
Severity: 2/4.
Creation date: 19/04/2016.
DESCRIPTION OF THE VULNERABILITY
When a user installs a new application on Windows, he downloads
the installation program (install.exe for example), and then runs
it.
However, the GnuPG installation program loads several DLLs
(uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll,
sfc.dll, sfc_os.dll, userenv.dll, profapi.dll, dwmapi.dll,
mpr.dll) from the current directory. So, if an attacker invited
the victim to download a malicious DLL file, before he runs
install.exe from the Download directory, the code located in the
DLL is run.
An attacker can therefore invite the victim to download malicious
libraries on Windows, in order to run code during the installation
of GnuPG.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/GnuPG-code-execution-during-installation-19402