You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current Squirrel.Windows version is 1.9.0. However this version still have vulnerable to DLL hijacking.
To checking:
Build a Squirrel-based Electron app with windows-installer. I've tested this Electron app
Open procmon
In procmon add next rules: set path to the dir of ${App}Setup.exe (dir where the installer is stored), "Result" contains "NAME NOT FOUND", "Operation" contains "CreateFile"
$.
Open ${MyApp}Setup.exe
Observe "urlmon.dll" gets required on location that doesn't require administrator permisson.
Note: I'm trying to build Squirrel.Windows and set enviroment variable to make electron-builder download this instead but it's not working cause electron-builder have checksum check :(
The text was updated successfully, but these errors were encountered:
Current Squirrel.Windows version is 1.9.0. However this version still have vulnerable to DLL hijacking.
To checking:
$.
However, squirrel.window has fixed this problem and release version 1.9.1. (Squirrel/Squirrel.Windows#1444)
Note: I'm trying to build Squirrel.Windows and set enviroment variable to make electron-builder download this instead but it's not working cause electron-builder have checksum check :(
The text was updated successfully, but these errors were encountered: