|
Bugtraq
mailing list archives
Re: Re[2]: 0day: mIRC pwns Windows
From: "Gavin Hanover" <netmunky () gmail com>
Date: Thu, 4 Oct 2007 06:47:31 -0700
Windows is doing the URI handling, not mIRC. This example can be just
as easily duplicated by entering
http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
into the start->run dialog.
http://www.kb.cert.org/vuls/id/403150
this is not a mIRC bug.
On 10/4/07, 3APA3A <3APA3A () security nnov ru> wrote:
Dear Gavin Hanover,
In this very case it's really seems to be mIRC problem ("unfiltered
shell characters"). It doesn't depend on URL handler and will work with
any valid URL handler. You can reproduce same vulnerability by entering
http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
Exploitable under Windows XP, not exploitable under Vista.
--Wednesday, October 3, 2007, 11:59:45 PM, you wrote to jinc4fareijj () hotmail com:
GH> is this a mirc bug or a mail client bug?
mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
--
~/ZARAZA http://securityvulns.com/
--
In God we trust,
Everyone else must have an x.509 certificate.
 By Date 
By Thread
Current thread:
| 
Intro
