mailing list archives
Re: Re: shell:windows
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Mon, 12 Jul 2004 13:26:37 -0400
Larry Seltzer wrote:
I agree with what you're saying here, but it's still an issue to be
aware of and is not disabled entirely - which was what was claimed in
the message I responded to.
This behavior is indistinguishable from that of a simple href to the file itself, so
there's no point in bringing in the shell: stuff. If you want to assume a little social
engineering can do anything than a simple href is a vulnerability for any browser.
It's as meaningful as the Mozilla issue. If your point is that that
wasn't a meaningful problem either, then we can agree to disagree on the
scope. I'll agree that getting this issue to run code of the choosing
of the attacker is more difficult than some other unpatched IE holes,
but it is not impossible.
Also, when the shell:windows reference is input into IE's address bar field, it
executes the code without a a dialogue box...
Gimme a break. This is not a meaningful problem.
I wonder, why are you so quick to discount this when you haven't looked
deeply into it?
Full-Disclosure - We believe in it.