Full Disclosure mailing list archives

Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

From: Paul Szabo <psz () maths usyd edu au>
Date: Sun, 7 Oct 2007 07:14:04 +1000

What I see as "root cause", is not what IE7 has changed. Windows was
always confused about quoting, may parse and re-parse a command an
unspecified number of times. Compared to Unix, it confuses system(3)
with execl(3).

In the registry there are shell\open\command keys, set to 'prog %1'. It
should be clear to Windows that there is a command with one argument;
but it will normally mis-parse blanks within %1 and have many arguments.
Some registry keys are set to 'prog "%1"' to protect against blanks, but
those are vulnerable to embedded quotes. I only guess that things are
generally unsafe against embedded % characters (though maybe not the URL
protocol handlers we are specifically worried about here).

A number of similar issues would be solved if Windows would respect the
"command with one argument" setting, parsing the registry key just once.

Cheers,

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available, (continued)
- - - Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available KJK::Hyperion (Oct 13)
    - Re: Third-party patch for CVE-2007-3896, UPDATE NOW KJK::Hyperion (Oct 17)
    - I made third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) KJK::Hyperion (Oct 14)
    - Re: I made third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) KJK::Hyperion (Oct 14)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 11)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Andreas Lindenblatt (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Andreas Lindenblatt (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 06)
  - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Morning Wood (Oct 08)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Paul Szabo (Oct 06)
  - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 06)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Paul Szabo (Oct 07)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 07)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Paul Szabo (Oct 11)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Pavel Kankovsky (Oct 12)
    - Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 17)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Brett Moore (Oct 09)
- URI handling woes in Acrobat Reader, Netscape, Miranda, Skype kriz . Full-Disclosure (Oct 09)