Full Disclosure mailing list archives
Re: Re: shell:windows
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Mon, 12 Jul 2004 10:51:50 -0400
Nick Eoannidis wrote:
Larry Seltzer eWEEK.com Security Center Editor -- buddy, the shell:windows URI handler was disabled in IE ages ago! The fact it can be crafted into an exploit for Mozilla! is the issue here. Of course it wont work on your IE your probably patched to the max! Mozilla just forgot to disable access to this URI due to the fact that mozilla was first built for nix and not windoze. All versions of mozilla have been fixed now
Actually, that's not entirely accurate.The shell:windows code does work in IE, the only difference being that it displays a dialogue box when referenced asking if the user wishes to open or save the file. Combine that with a little social engineering and you've got a potential compromise.
Also, when the shell:windows reference is input into IE's address bar field, it executes the code without a a dialogue box...
I think that some of you may see where that's going... -Barry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: shell:windows Nick Eoannidis (Jul 10)
- Re: Re: shell:windows Barry Fitzgerald (Jul 12)
- RE: Re: shell:windows Larry Seltzer (Jul 12)
- <Possible follow-ups>
- Re: Re: shell:windows Barry Fitzgerald (Jul 12)
- RE: Re: shell:windows Larry Seltzer (Jul 12)
- Re: Re: shell:windows Barry Fitzgerald (Jul 12)
- Re: Re: shell:windows Nick FitzGerald (Jul 12)
- RE: Re: shell:windows Perrymon, Josh L. (Jul 12)
- Re: Re: shell:windows Barry Fitzgerald (Jul 12)