|
Full Disclosure
mailing list archives
Re: MSN Messenger is vulnerable to the shell: hole
From: "Lan Guy" <rlanguy () hotmail com>
Date: Sun, 11 Jul 2004 16:43:05 +0300
you are missing the point.
in the IE example a user goes to browse a page and then the is executed on
the users computer.
In the messenger and MS Word examples you have given the user is just
launching a process locally.
----- Original Message -----
From: "Jesse Ruderman" <jruderman () hmc edu>
To: <Full-Disclosure () lists netsys com>
Sent: Sunday, July 11, 2004 1:11 PM
Subject: [Full-disclosure] MSN Messenger is vulnerable to the shell: hole
Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137
launches Notepad. MSN Messenger even recognizes shell: as a protocol
and helpfully hyperlinks the URL.
Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word
10.2627.3311 launches Notepad.
What others Windows programs (browsers, e-mail clients, IM clients, word
processors, etc.) are vulnerable to the shell: hole?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
