Jump to content

Unquoted path vulnerability in AutoIT


Recommended Posts

Hi,
After application installation on x64bit  machine, AutoIT adding unquoted path in uninstallation string, this is threaten as vulnerability - even tho, there is no issues with uninstallation, but this unquoting generate reports in vulnerability scanners like nessus. 
Here is the link to MS description: Microsoft Windows Unquoted Path Vulnerability | Mageni

It will be nice to fix this in newer version of application.

Thanks

image.png

Link to comment
Share on other sites

As mentioned in the article, unquoted uninstall paths are a fairly low risk/security concern--compared to unquoted service paths--as uninstallers typically involve user initiation and rights escalation. 

Still, not a terrible suggestion to address in the next release/beta.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...