Home page logo

fulldisclosure logo Full Disclosure mailing list archives

MSN Messenger is vulnerable to the shell: hole
From: Jesse Ruderman <jruderman () hmc edu>
Date: Sun, 11 Jul 2004 05:11:41 -0500

Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137 launches Notepad. MSN Messenger even recognizes shell: as a protocol and helpfully hyperlinks the URL.

Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word 10.2627.3311 launches Notepad.

What others Windows programs (browsers, e-mail clients, IM clients, word processors, etc.) are vulnerable to the shell: hole?

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]