Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: KaZaA
From: "Alex Lambert" <alambert () webmaster com>
Date: Fri, 18 Oct 2002 15:55:57 -0500


Kazaa's IE control (at least in 1.7.x) seems to treat certain URLs
differently, too, which could pose a problem. For example,
http://localhost/KazaaSearchQuery performs a search (a form for this is
displayed on desktop.kazaa.com). Putting more than 272 bytes into the query
argument causes a crash; I haven't checked if it's posisble to run malicious
code with this.



apl
----- Original Message -----
From: "David Krum" <frobnitz () msn com>
To: <bugtraq () securityfocus com>
Sent: Friday, October 18, 2002 11:33 AM
Subject: KaZaA


I'm concerned about all the applications which utilize ie browser
controls.
There are a lot of adware programs with little ads.  Some of these ads
have
activex, java, flash, js.  Any one of these capabilities in the wrong zone
could be dangerous.

My attention was first drawn to this when I noticed KaZaA launching popups
sourced from the local hard disk.  Surely these ads are running in the
local
zone.  To use software that does this I have to trust them to audit the
ads
given to them?

_________________________________________________________________
Broadband? Dial-up? Get reliable MSN Internet Access.
http://resourcecenter.msn.com/access/plans/default.asp




  By Date           By Thread  

Current thread:
  • KaZaA David Krum (Oct 18)
    • Re: KaZaA Nicholas C. Weaver (Oct 19)
    • RE: KaZaA Brenna Primrose (Oct 19)
    • Re: KaZaA Alex Lambert (Oct 19)
    • Re: KaZaA eD\\/ARd0 F/\\KEn^M3 (Oct 19)
    • <Possible follow-ups>
    • RE: KaZaA Christopher Wagner (Oct 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault