EUVD-2018-0741

Malware in sbrugna...

windows-build-tools downloads Resources over HTTP

Affected versions of windows-build-tools insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

GHSA-9P47-W5XP-F4XR windows-build-tools downloads Resources over HTTP

Affected versions of windows-build-tools insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

Windows-build-tools Code Execution Vulnerability

windows-build-tools is a tool for building native node compiled modules in Windows. A security vulnerability exists in windows-build-tools versions prior to 1.0.0, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the...

CVE-2017-16003

windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources wi...

CVE-2017-16003

windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources wi...

CVE-2017-16003

windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources wi...

CVE-2017-16003

The CVE-2017-16003 entry affects the Windows tool Windows-build-tools (npm module for installing C++ Build Tools). Versions below 1.0.0 download resources over HTTP, which enables MITM interception of the downloaded executables. An attacker on the network could swap the requested resources with m...

Downloads Resources over HTTP

Overview Affected versions of windows-build-tools insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...