AnandBhat wrote:After reading https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464, I noticed an unquoted path vulnerability in the WinMerge shell extension feature. I tried the latest Alpha release (2.13.21 alpha) and the issue continues to be present. Can you please have this addressed in your next release?
Steps to reproduce the issue:
1. Install WinMerge in the default location (C:\Program Files\WinMerge) and enable shell extensions.
2. Create a copy of calc.exe and place it as C:\program.exe
3. Attempt to use the shell extension (either Compare or Compare As... after selecting two files or directories).
4. The copy of calc.exe opens up instead of WinMerge, indicating the the shell extension tried to invoke WinMerge using an unquoted command path.
Let me know if you need any other details.
Users browsing this forum: No registered users and 2 guests