Bugtraq mailing list archives
Re: KaZaA
From: "Alex Lambert" <alambert () webmaster com>
Date: Fri, 18 Oct 2002 15:55:57 -0500
Kazaa's IE control (at least in 1.7.x) seems to treat certain URLs differently, too, which could pose a problem. For example, http://localhost/KazaaSearchQuery performs a search (a form for this is displayed on desktop.kazaa.com). Putting more than 272 bytes into the query argument causes a crash; I haven't checked if it's posisble to run malicious code with this. apl ----- Original Message ----- From: "David Krum" <frobnitz () msn com> To: <bugtraq () securityfocus com> Sent: Friday, October 18, 2002 11:33 AM Subject: KaZaA
I'm concerned about all the applications which utilize ie browser
controls.
There are a lot of adware programs with little ads. Some of these ads
have
activex, java, flash, js. Any one of these capabilities in the wrong zone could be dangerous. My attention was first drawn to this when I noticed KaZaA launching popups sourced from the local hard disk. Surely these ads are running in the
local
zone. To use software that does this I have to trust them to audit the
ads
given to them? _________________________________________________________________ Broadband? Dial-up? Get reliable MSN Internet Access. http://resourcecenter.msn.com/access/plans/default.asp