Skip to content

EXE hijacking runs unexpected code when using context menus in Windows Explorer #944

Closed
@mattymcfatty

Description

@mattymcfatty

Setup

  • Which version of Git for Windows are you using? Is it 32-bit or 64-bit?
    Git-2.10.2-64-bit.exe

  • Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?
    Windows 8.1

  • What options did you set as part of the installation? Or did you choose the
    defaults?
    Defaults

# One of the following:
C:\>type "C:\Program Files\Git\etc\install-options.txt"
Path Option: Cmd
SSH Option: OpenSSH
CRLF Option: CRLFAlways
Bash Terminal Option: MinTTY
Performance Tweaks FSCache: Enabled
Enable Symlinks: Disabled

 - Any other interesting things about your environment that might be related
   to the issue you're seeing?
Don't think so. Had some buddies reproduce the issue on Windows 10

### Details

 - Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other
Windows Explorer

 - What commands did you run to trigger this issue? 
Here is an example of the steps to reproduce in Windows Explorer
https://youtu.be/S7jOLv0sul0

 - What did you expect to occur after running these commands?

Open Git Bash in the current folder

 - What actually happened instead?

Arbitrary file named "git.exe" in the current folder was executed. This has security implications since users will not expect this behavior when using Windows context menus. For example, a security-conscious user would know not to execute EXE files included in an untrusted repository, but using Windows context menus could unexpectedly execute such untrusted code. This issue is similar to DLL hijacking if you are familiar with that. Here is a brief explanation of DLL hijacking if you're not familiar https://trustfoundry.net/what-is-dll-hijacking/

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions