Re: Re: shell:windows
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Mon, 12 Jul 2004 10:51:50 -0400
Nick Eoannidis wrote:

> eWEEK.com Security Center Editor --
> buddy, the shell:windows URI handler was disabled in IE ages ago!
> The fact it can be crafted into an exploit for Mozilla! is the issue
> Of course it won't work on your IE, you're probably patched to the max!
> Mozilla just forgot to disable access to this URI due to the fact
> that Mozilla was first built for nix and not windoze.
> All versions of Mozilla have been fixed now

Actually, that's not entirely accurate.
The shell:windows code does work in IE, the only difference being that
it displays a dialogue box when referenced asking if the user wishes to
open or save the file. Combine that with a little social engineering
and you've got a potential compromise.
Also, when the shell:windows reference is input into IE's address bar
field, it executes the code without a dialogue box...
I think that some of you may see where that's going...
Full-Disclosure - We believe in it.
- Re: shell:windows Nick Eoannidis (Jul 11)
- Re: Re: shell:windows Barry Fitzgerald (Jul 12)