
[Security] Hijacking DLL problem

Open squalle0nhart opened this issue 5 years ago • 0 comments

Current Squirrel.Windows version is 1.9.0. However, this version is still vulnerable to DLL hijacking. To check:

  1. Build a Squirrel-based Electron app with windows-installer. I've tested this Electron app
  2. Open procmon
  3. In procmon add the following rules: set path to the dir of ${App}Setup.exe (dir where the installer is stored), "Result" contains "NAME NOT FOUND", "Operation" contains "CreateFile".
  4. Open ${MyApp}Setup.exe
  5. Observe "urlmon.dll" gets requested from a location that doesn't require administrator permission.

However, Squirrel.Windows has fixed this problem and released version 1.9.1. (https://github.com/Squirrel/Squirrel.Windows/pull/1444)

Note: I'm trying to build Squirrel.Windows and set an environment variable to make electron-builder download this instead, but it's not working because electron-builder has a checksum check :(

squalle0nhart, Jul 23 '20 03:07
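As an added example (not code from the issue, electron-builder or Squirrel.Windows), the Python helper below applies the same three Procmon filters from the steps above to a Procmon CSV export and lists the DLLs the installer probed in its own directory without finding them, which is the set to re-check against the fixed release. The CSV rows, process name and paths are constructed; the column layout is Procmon's default CSV export.

```python
import csv
import io
import ntpath

# Constructed sample in Procmon's default CSV export layout:
# "Time of Day","Process Name","PID","Operation","Path","Result","Detail".
# The installer name and the Downloads directory are hypothetical.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","MyAppSetup.exe","4242","CreateFile","C:\\Users\\alice\\Downloads\\urlmon.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.2","MyAppSetup.exe","4242","CreateFile","C:\\Windows\\System32\\urlmon.dll","SUCCESS","Desired Access: Read Data/List Directory"
"10:01:02.3","MyAppSetup.exe","4242","CreateFile","C:\\Users\\alice\\Downloads\\config.ini","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:02.4","MyAppSetup.exe","4242","CreateFile","C:\\Users\\alice\\Downloads\\version.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:02.5","explorer.exe","1000","CreateFile","C:\\Users\\alice\\Downloads\\other.dll","NAME NOT FOUND","Desired Access: Read Attributes"
'''


def find_unresolved_dll_probes(csv_text, installer_exe, installer_dir):
    """Return DLL names that installer_exe looked for in installer_dir and did not find.

    Mirrors the Procmon filter from the report: Operation contains CreateFile,
    Result is NAME NOT FOUND, and Path lies in the directory holding the installer.
    A DLL that appears here is resolved from a user-writable directory before the
    system copy, so each name should be gone (or loaded from System32) in a fixed build.
    """
    wanted_dir = ntpath.normcase(installer_dir.rstrip("\\"))
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if ntpath.normcase(row["Process Name"]) != ntpath.normcase(installer_exe):
            continue  # only events from the installer process itself
        if "CreateFile" not in row["Operation"] or row["Result"] != "NAME NOT FOUND":
            continue  # successful opens and other operations are not of interest
        directory, name = ntpath.split(row["Path"])
        if ntpath.normcase(directory) != wanted_dir:
            continue  # probes outside the installer's directory are expected
        if not name.lower().endswith(".dll"):
            continue  # missing config files etc. are not loadable modules
        if name.lower() not in hits:
            hits.append(name.lower())
    return hits


if __name__ == "__main__":
    for dll in find_unresolved_dll_probes(SAMPLE_CSV, "MyAppSetup.exe", r"C:\Users\alice\Downloads"):
        print("unresolved DLL probe in installer directory:", dll)
```

Export the capture with the three filters applied (File > Save, CSV) and pass the file contents instead of `SAMPLE_CSV`.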