Bugtraq mailing list archives
Re[3]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 8 Oct 2007 13:19:29 +0400
Dear Thierry Zoller, --Saturday, October 6, 2007, 9:06:51 PM, you wrote to bugtraq () securityfocus com: TZ> Dear Geo., G>> If the application is what exposes the URI handling routine to untrusted G>> code from the internet, TZ> Sorry, Untrusted code from the internet ? TZ> The user clicks on a mailto link, is that untrusted code? TZ> Or the mailto link is clicked for him. What URL is is defined by RFC 1738, what mailto: is is defined by RFC 2368. String in question is definetly _not_ URL because of %xx and ". Double quote is URL delimiter and is not a part of URL, in this case application incorrectly parses and highlights URL (it should stop before "). %xx is invalid character encoding. And altogether it's, for sure, not mailto: URL. Passing unchecked user input to function called ShellExecute(), where URL is expected, is a bug. So, while there is a security vulnerability in Windows, there is also security vulnerability in mIRC, Acrobat Reader, Netscape, Miranda, Skype, because ShellExecute() behaviour is not defined for the case non-URL data is passed to URL processor. -- ~/ZARAZA http://securityvulns.com/
Current thread:
- RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype, (continued)
- RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes (Oct 05)
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 06)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo. (Oct 06)
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Thierry Zoller (Oct 06)
- Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Kurt Dillard (Oct 06)
- Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Glynn Clements (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo. (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 09)
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 11)
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 06)
- RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes (Oct 05)
- Re[3]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype 3APA3A (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo. (Oct 09)
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Geo. (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Valdis . Kletnieks (Oct 09)
- Message not available
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype gjgowey (Oct 09)
- Message not available
- Fwd: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype merigoth (Oct 11)
- Message not available
- Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available KJK::Hyperion (Oct 15)
- Re: Third-party patch for CVE-2007-3896, UPDATE NOW KJK::Hyperion (Oct 17)
- Re: URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Thierry Zoller (Oct 11)
- RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes (Oct 09)