Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: MSN Messenger is vulnerable to the shell: hole
From: "Lan Guy" <rlanguy () hotmail com>
Date: Sun, 11 Jul 2004 16:43:05 +0300

you are missing the point.
in the IE example a user goes to browse a page and then the is executed on
the users computer.

In the messenger and MS Word examples you have given the user is just
launching a process locally.


----- Original Message ----- 
From: "Jesse Ruderman" <jruderman () hmc edu>
To: <Full-Disclosure () lists netsys com>
Sent: Sunday, July 11, 2004 1:11 PM
Subject: [Full-disclosure] MSN Messenger is vulnerable to the shell: hole


Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137
launches Notepad.  MSN Messenger even recognizes shell: as a protocol
and helpfully hyperlinks the URL.

Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word
10.2627.3311 launches Notepad.

What others Windows programs (browsers, e-mail clients, IM clients, word
processors, etc.) are vulnerable to the shell: hole?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault