Full Disclosure: MSN Messenger is vulnerable to the shell: hole

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

MSN Messenger is vulnerable to the shell: hole

From: Jesse Ruderman <jruderman () hmc edu>
Date: Sun, 11 Jul 2004 05:11:41 -0500

Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137launches Notepad. MSN Messenger even recognizes shell: as a protocoland helpfully hyperlinks the URL.

Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word10.2627.3311 launches Notepad.

What others Windows programs (browsers, e-mail clients, IM clients, wordprocessors, etc.) are vulnerable to the shell: hole?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

MSN Messenger is vulnerable to the shell: hole Jesse Ruderman (Jul 11)
- Re: MSN Messenger is vulnerable to the shell: hole Lan Guy (Jul 11)
- <Possible follow-ups>
- Re: MSN Messenger is vulnerable to the shell: hole http-equiv () excite com (Jul 11)