Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Apr 2016 19:02:13 +0200
From: "Stefan Kanthak" <>
To: <>
Cc: "CVE ID Requests" <>
Subject: Re: CVE request: GnuPG classic & GnuPG modern

Kurt Seifried wrote:

> I suspect we're going to need a tiny bit more context around this request.
> Like... what's the CVE for?

Loading of multiple Windows system DLLs from the installers application
directory instead of Windows' system directory, a.k.a. DLL hijacking.

Well-known and well-documented for example in

On Windows 7:
    uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, sfc.dll,
    sfc_os.dll, userenv.dll, profapi.dll, dwmapi.dll, mpr.dll

On other versions of Windows: a similar list.


> On Mon, Apr 18, 2016 at 4:49 AM, Stefan Kanthak <>
> wrote:
>> Hi,
>> please assign (1 or 2, as you like) CVEs for GnuPG classic and GnuPG
>> modern.
>> regards
>> Stefan Kanthak

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ