Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: shell:windows
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Mon, 12 Jul 2004 10:51:50 -0400

Nick Eoannidis wrote:

Larry Seltzer
eWEEK.com Security Center Editor --

buddy, the shell:windows URI handler was disabled in IE ages ago!
The fact it can be crafted into an exploit for Mozilla! is the issue
Of course it wont work on your IE your probably patched to the max!
Mozilla just forgot to disable access to this URI due to the fact
that mozilla was first built for nix and not windoze.
All versions of mozilla have been fixed now

Actually, that's not entirely accurate.

The shell:windows code does work in IE, the only difference being that it displays a dialogue box when referenced asking if the user wishes to open or save the file. Combine that with a little social engineering and you've got a potential compromise.

Also, when the shell:windows reference is input into IE's address bar field, it executes the code without a a dialogue box...

I think that some of you may see where that's going...


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]