Hi, I want to report a vulnerability RELATED to DesktopInfo, not in it. I’m a professional penetration tester. Due to the lack of an installer, I’ve seen my customers unzip the program to the root of the C drive. Any new directories created on the root of the C drive have weak permissions that give “Authenticated Users” read/write permissions, unlike those placed under “Program Files”. This allowed me to escalate privileges from a Domain User to Domain Administrator, as well as to perform local SYSTEM privilege escalation.
Since there was no installer, the program was unzipped to C:\DesktopInfo and a shortcut was placed in the Windows startup folder. I simply added CMDs to the DesktopInfo ini file. When a user with admin privileges logs in, they unknowingly run my commands. The impact of this is that if a user of DesktopInfo gets “phished” by a black hat hacker, they can backdoor DesktopInfo’s ini file to run commands, such as installing malware or ransomware.
I suggest adding something to the documentation stating that the program should be placed in a secure location, such as “C:\Program Files” or “C:\Program Files (x86)”. Best case would be for you to create an installer that places the program in “Program Files” by default.
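An added example (not from the thread or from DesktopInfo) that audits whether a deployment folder and the files in it, such as the ini, can be modified by broad principals like Authenticated Users, the weakness described for folders created directly under C:\. The default `$Path` is the folder named in the report and is an assumption; run it as the user you want to audit against or as an administrator.

```powershell
# Audit a program directory for write access granted to broad, low-privileged principals.
# Assumption: C:\DesktopInfo is the folder from the report; adjust $Path for your deployment.
param([string]$Path = 'C:\DesktopInfo')

# Well-known SIDs that should never hold write rights on a program directory.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow creating or changing files, plus the generic write/all bits that
# unexpanded ACEs (common on the root of C:\) are expressed with.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, CreateFiles, AppendData'
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Test-WeakAcl {
    param([string]$Item)
    $acl = Get-Acl -LiteralPath $Item
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable or orphaned identity, skip it
        if ($broadSids.ContainsKey($sid) -and ((([int]$rule.FileSystemRights) -band $writeMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $Item
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Check the folder itself and everything beneath it (the ini file included).
$items    = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
$findings = @(foreach ($item in $items) { Test-WeakAcl $item.FullName })

if ($findings.Count -eq 0) {
    "OK: no broad write access under $Path"
} else {
    "WEAK: low-privileged principals can modify content under $Path; a startup shortcut here runs that content as whoever logs in"
    $findings | Format-Table -AutoSize
}
```

A folder under Program Files inherits an ACL where Users hold only read and execute, which is why the report's suggestion of moving the program there (or shipping an installer that does so) removes the finding.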
I’ve added a new secret command line option to v3.2 that creates a pre-configured executable with an embedded ini file so you can deploy it without fear of it being modified by unauthorized personages.