Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Is _your_ Netscape under remote control
From: dom () cwi nl (Dominique Avatravaux)
Date: Fri, 24 May 1996 20:12:09 -0600

Anyone else seen this? Netscape 1.1 and higher can be controlled
remotely. This can be abused in many ways as Netscape can be made to open
URL's add bookmarks, open local files and save local files without
informing the user.

  Yep, I already attempted to exploit this bug... First this only works on
misconfigured X displays (I know it is not rare, but...), second it is somewhat
hard to make a daemon which periodically checks if there is a Netscape running
on a given machine, and third this is not discrete : unless iconized, the
Netscape window shows what it is doing. I gave up after several *weeks* of
trial (was attempting to make him a surprise)... Sincerely, there are much
easier ways to exploit misconfigured X displays, the simplest being a Trojan
horse imitating an Xdm login prompt.

The Windows and Mac versions also have their own remote control but I'll
leave someone else to look at them...

  Er, unfortunately enough they don't listen to the network in any way : only X
has this network-transparent inter-client communications feature (or W95,
perhaps ?)

                                                        Dominique Quatravaux
                                                Dominique.Quatravaux () ens fr

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]