Full Disclosure mailing list archives
Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
From: "T Biehn" <tbiehn () gmail com>
Date: Thu, 17 Jan 2008 13:19:45 -0500
Fredrick Diggle is a genius zoo workers... Don't sully his artistic mastery with your narrow interpretations.

On Jan 17, 2008 12:56 PM, Nate McFeters <nate.mcfeters () gmail com> wrote:

Not to throw fuel on the fire, but wouldn't that XSS actually be in IE, since IE is what opens the file?

Could've been a funny joke though, a real knee slapper.

Nate

On 1/17/08, Fredrick Diggle <fdiggle () gmail com> wrote:

#######################################################################

Fredrick Diggle Security Advisory

Application: Notepad
Versions: 5.1.2600.2180 verified to be vulnerable
Platforms: Microsoft Windows (All Versions)
Bugs: Cross Site Scripting (XSS)
Severity: Critically High
Date: 17 Jan 2008
Credit: Estr Hinan

#######################################################################

1) Introduction
2) Bugs
4) Fix

#######################################################################

===============
1) Introduction
===============

Fredrick Diggle Security Services is probably the best application security researchers on the scene this month. They have identified several hundred thousand vulnerabilities this week for which Priv8 0dayz have been developed. Fredrick Diggle Security Team periodically releases several of these vulnerabilities to the community at large (Pre Vendor Release!!!!). Fred Diggle would like to ensure that you understand this is 0DAY!!!. The vendors are completely unaware of this vulnerabilities.

#######################################################################

=======
2) Bug
=======

Notepad is a utility which is built into all current versions of Microsoft Windows. Notepad contains a highly exploitable stored cross-site scripting vulnerability when files are saved with the following extensions:

htm
html

Other extensions may also be vulnerable in your environment depending on configuration. When arbitrary javascript code is entered into the notepad text window and saved using one of the vulnerable extensions a payload file is created. When an innocent user opens this payload file cross-site scripting occurs.

#######################################################################

=======
3) Proof of Concept
=======

1. Open Notepad
2. Enter the following text <script>alert("xss");</script>
3. Save file as "exploit.html"
4. double click the payload file

#######################################################################

======
4) Fix
======

Notepad should be rewritten to filter potentially dangerous characters. Characters can be converted to their html encoded equivalents.

#######################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability Fredrick Diggle (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability Nate McFeters (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability T Biehn (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability M . B . Jr . (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability str0ke (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability worried security (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability Sascha Roeske (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability Fredrick Diggle (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability BlackHawk (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability M . B . Jr . (Jan 17)
- Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability Nate McFeters (Jan 17)