Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
The executable installer [°]['] (rather: the 7-Zip based executable
self-extractor [²]) of Rapid7's (better known for their flagship
Metasploit) ScanNowUPnP.exe loads and executes several rogue/bogus
DLLs eventually found in the directory it is started from (the
"application directory"), commonly known as "DLL hijacking".
For software downloaded with a web browser the application directory
is typically the "Downloads" directory: see
See the comprehensive write-up on Rapid7's community blog:
Especially note that Rapid7 removed the now deprecated ScanNowUPnP.exe
and advises all users to remove it from any system that still has it.
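
A defender-side check for the condition described above, as an added example that is not part of the original post: it lists DLLs in an application directory (such as "Downloads") that share a name with a DLL in the system directory and would therefore be candidates for being loaded in its place. The function name, the fallback paths and the sample file names are assumptions made for illustration; the sample names are constructed and are not the DLLs this advisory refers to.

```python
import os
import tempfile


def find_shadowing_dlls(app_dir, system_dir):
    """Return names of DLLs in app_dir that shadow a DLL name in system_dir."""
    # Windows file names are case-insensitive, so compare lower-cased names.
    system_names = {
        name.lower()
        for name in os.listdir(system_dir)
        if name.lower().endswith(".dll")
    }
    hits = []
    for name in os.listdir(app_dir):
        path = os.path.join(app_dir, name)
        lowered = name.lower()
        if os.path.isfile(path) and lowered.endswith(".dll") and lowered in system_names:
            hits.append(name)
    return sorted(hits, key=str.lower)


def demo():
    """Run the check on constructed directories so it works offline."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")
        downloads = os.path.join(root, "Downloads")
        os.makedirs(system_dir)
        os.makedirs(downloads)
        # Constructed sample names, not real system DLLs.
        for name in ("alpha.dll", "beta.dll", "gamma.dll"):
            open(os.path.join(system_dir, name), "wb").close()
        for name in ("installer.exe", "Beta.dll", "vendor-helper.dll", "notes.txt"):
            open(os.path.join(downloads, name), "wb").close()
        return find_shadowing_dlls(downloads, system_dir)


if __name__ == "__main__":
    # Assumed default locations; adjust for the system being audited.
    downloads = os.path.join(os.path.expanduser("~"), "Downloads")
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    if os.path.isdir(downloads) and os.path.isdir(system_dir):
        for dll in find_shadowing_dlls(downloads, system_dir):
            print("review before running any installer from here:", dll)
    else:
        print("constructed demo result:", demo())
```
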