Re: Defense in depth -- the Microsoft way (part 9): erroneous documentation

["Stefan Kanthak" <stefan.kanthak () nexgo de>]

> I am truly shocked that seemingly, stuff like this needs to be said in
> the year of 2013.

Completely right!

> I'd have supposed that things like these should be known by *anyone*
> doing anything even remotely similar to software development *at least*
> since the end of the 8.3 filename era 15 years ago.

Again: completely right!

> Are you sure this is real and not a prank? o_O

This is real: see <https://support.microsoft.com/kb/2781197> alias
<http://technet.microsoft.com/security/bulletin/ms13-034> or
<http://seclists.org/fulldisclosure/2013/May/10> for exactly this "stuff".

And dont forget to read <http://seclists.org/fulldisclosure/2013/Aug/75>
as well as <http://seclists.org/fulldisclosure/2013/May/14>


Also see <https://bugzilla.mozilla.org/show_bug.cgi?id=871084>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=786407> and
<https://bugzilla.mozilla.org/show_bug.cgi?id=868746> and notice
especially how a Mozilla developer tries to weazel and ignore
<http://msdn.microsoft.com/ibrary/ms997548.aspx>!


JFTR: Windows is the ONLY system that covers such silly beginners errors
      due to the documented idiosyncrasy of CreateProcess() (see
      <http://msdn.microsoft.com/library/ms682425.aspx).


Finally take a look at the registry subkey

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

of your own Windows installation (if you have one): you'll most probably
find unquoted pathnames in "UninstallString", for example:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDF]
"UninstallString"="C:\\Program Files\\SumatraPDF\\uninstall.exe"


regards
Stefan

> regards
> Pascal Ernster

[ fullquote removed ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/