[tex-live] ConTeXt in TL on Windows broken

Taco Hoekwater taco at elvenkind.com
Tue Jun 1 18:12:05 CEST 2010


T T wrote:
> 
>> Is Context /really/ that bad/dangerous ?!
> 
> If an attacker would place a rogue texlua.exe in the current directory
> (not that hard on windows), then you get arbitrary code execution if
> you pick up executables from there.  Is that bad enough?

But wouldn't they have to place 'our' mtxrun.dll in the current
directory as well then? Doesn't sound very likely to me.

Best wishes,
Taco




More information about the tex-live mailing list