Bugtraq
mailing list archives
Re: KaZaA
From: "Alex Lambert" <alambert () webmaster com>
Date: Fri, 18 Oct 2002 15:55:57 -0500
Kazaa's IE control (at least in 1.7.x) seems to treat certain URLs
differently, too, which could pose a problem. For example,
http://localhost/KazaaSearchQuery performs a search (a form for this is
displayed on desktop.kazaa.com). Putting more than 272 bytes into the query
argument causes a crash; I haven't checked if it's possible to run malicious
code with this.
apl
----- Original Message -----
From: "David Krum" <frobnitz () msn com>
To: <bugtraq () securityfocus com>
Sent: Friday, October 18, 2002 11:33 AM
Subject: KaZaA
I'm concerned about all the applications which utilize IE browser controls.
There are a lot of adware programs with little ads. Some of these ads have
ActiveX, Java, Flash, JS. Any one of these capabilities in the wrong zone
could be dangerous.
My attention was first drawn to this when I noticed KaZaA launching popups
sourced from the local hard disk. Surely these ads are running in the local
zone. To use software that does this I have to trust them to audit the ads
given to them?