Full Disclosure mailing list archives
Re: Defense in depth -- the Microsoft way (part 9): erroneous documentation
From: adam <adam () papsy net>
Date: Sat, 31 Aug 2013 11:20:47 -0500
I'm on the same page as Pascal, what is the point of this? The part that really stands out for me is how Microsoft is being singled out here. If it's about their documentation, then it's not really about a vulnerability. If it's NOT about their documentation, then you'd be hard pressed to find a platform that _doesn't_ work this way. On Sat, Aug 31, 2013 at 8:37 AM, <hardfalcon () hardfalcon net> wrote:
I am truly shocked that seemingly, stuff like this needs to be said in the year of 2013. I'd have supposed that things like these should be known by *anyone* doing anything even remotely similar to software development *at least* since the end of the 8.3 filename era 15 years ago. Are you sure this is real and not a prank? o_O regards Pascal Ernster On 31.08.2013 12:58, Stefan Kanthak wrote:Hi, in <http://seclists.org/fulldisclosure/2013/Aug/75> I documented beginners errors (unquoted pathnames containing spaces) not only in Microsoft products. Microsofts developer documentation but shows these beginners errors too (and is inconsistent, even in single topics). Examples: <http://msdn.microsoft.com/library/cc144171.aspx> | HKEY_CLASSES_ROOT | txtile ... | Shell ... | cmd2 ... | command | (Default) = C:\Program Files\Windows NT\Accessories\wordpad.exe %1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ <http://msdn.microsoft.com/library/bb165967.aspx> | [HKEY_CLASSES_ROOT\Applications\VSLauncher.exe\Shell\Open\Command] | @="C:\\Program Files\\Common Files\\Microsoft Shared\\MSEnv\\VSLauncher.exe \"%1\"" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | [HKEY_CLASSES_ROOT\VisualStudio.csproj.8.0\shell\Open\Command] | @="\"C:\\Program Files\\Common Files\\Microsoft Shared\\MSEnv\\VSLauncher.exe\" \"%1\"" <http://msdn.microsoft.com/library/cc144083.aspx> | HKEY_LOCAL_MACHINE | SOFTWARE | Classes | contoso-search | shell | open | command | (Default) = "%ProgramFiles%\Contoso\Search\contososearch.exe %1" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ <http://msdn.microsoft.com/library/cc144154.aspx> | HKEY_LOCAL_MACHINE | SOFTWARE | Classes | LitwarePlayer11.AssocFile.... ... | shell | open | command | (Default) = %ProgramFiles%\Litware\litware.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <http://msdn.microsoft.com/library/hh127450.aspx> | HKEY_CLASSES_ROOT | CLSID | {0052D9FC-6764-4D29-A66F-2F3BD9E2BB40} | Shell | Open | Command | (Default) = [REG_EXPAND_SZ] %ProgramFiles%\MyCorp\MyApp.exe /Settings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <http://msdn.microsoft.com/library/cc144188.aspx> | <sh:task id="{3B75A7AE-C4E4-4E5A-9420-7CECCDA75425}"> | <!-- This is a generated GUID, specific to this task link --> | <sh:name>@myTextResources.dll,-100</sh:name> | <sh:keywords>@myTextResources.dll,-101</sh:keywords> | <sh:command>%ProgramFiles%\Microsoft Games\Solitaire\solitaire.exe</sh:command> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | </sh:task> Example with ambiguous/inconsistent use of quotes: <http://msdn.microsoft.com/en-us/library/aa767914.aspx> | HKEY_CLASSES_ROOT | alert | (Default) = "URL:Alert Protocol" ^ ^ | URL Protocol = "" ^^ | DefaultIcon | (Default) = "alert.exe,1" ^ ^ | shell | open | command | (Default) = "C:\Program Files\Alert\alert.exe" "%1" Counterexamples: <http://msdn.microsoft.com/library/cc144175.aspx> <http://msdn.microsoft.com/library/cc144101.aspx> | Note: If any element of the command string contains or might contain | spaces, it must be enclosed in quotation marks. Otherwise, if the | element contains a space, it will not parse correctly. For instance, | "My Program.exe" starts the application properly. If you use | My Program.exe without quotation marks, then the system attempts to | launch My with Program.exe as its first command line argument. You | should always use quotation marks with arguments such as "%1" that are | expanded to strings by the Shell, because you cannot be certain that | the string will not contain a space. <http://msdn.microsoft.com/library/dd203067.aspx> <http://msdn.microsoft.com/library/cc144109.aspx> regards Stefan Kanthak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Defense in depth -- the Microsoft way (part 9): erroneous documentation Stefan Kanthak (Aug 31)
- Re: Defense in depth -- the Microsoft way (part 9): erroneous documentation hardfalcon (Aug 31)
- Re: Defense in depth -- the Microsoft way (part 9): erroneous documentation adam (Aug 31)
- Re: Defense in depth -- the Microsoft way (part 9): erroneous documentation hardfalcon (Aug 31)