[wix-users] LGHT0388: The file name 'Setup.exe' creates an insecure bundle
Hoover, Jacob
Jacob.Hoover at greenheck.com
Fri Apr 26 09:21:38 PDT 2019
Rename the bundle output...
Windows does "bad things" when a user tries to run a file named Setup.exe, just as the error message indicates. The shim loading process can cause the OS to probe for DLL's, and if it isn't current on windows updates... IE, if some malicious page caused your browser to download a DLL with the same file name as an OS DLL, the unpatched OS may load it from the downloads folder instead of the OS. WiX chose to be cautious, and not allow the shimming to happen, as we can't assert that the OS has the patches installed.
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Mouni K via wix-users
Sent: Friday, April 26, 2019 6:09 AM
To: wix-users at lists.wixtoolset.org
Cc: Mouni K <mouni.c2cbit at gmail.com>
Subject: [wix-users] LGHT0388: The file name 'Setup.exe' creates an insecure bundle
Hello WixUsers,
We were building our project with Wix 3.6 and now upgraded to 3.11.1. Now when i build the project , the get the below error-
I do not understand how or where to rename the Setup.exe to something other than Setup.exe.
*light.exe(0,0): error LGHT0388: The file name 'Setup.exe' creates an insecure bundle. Windows will load unnecessary compatibility shims into a bundle with that file name. These compatibility shims can be DLL hijacked allowing attackers to compromise your customers' computer. Choose a different bundle file name.*
Any help is appreciated.
Thanks,
Mounika.
____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
NOTE: This email was received from an external source. Please use caution when opening links or attachments in the message.
More information about the wix-users
mailing list