Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files

From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Fri, 16 May 2014 17:18:44 +0200
Hi @ll,


the current version of iTunes for Windows (and of course older versions
too) associates the following vulnerable command lines with some of the
supported file types/extensions:


[...]

The just released iTunes 11.2 still has this beginners error.

Unpack the iTunesSetup.exe (this is basically a .CAB archive), use your
favorite MSI editor and take a look at the 'registry' table of iTunes.msi:

[HKEY_CLASSES_ROOT\daap\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itms\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itmss\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itsradio\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itunesradio\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itpc\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itls\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\pcast\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.daap\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itls\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itms\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itmss\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itpc\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.pcast\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\iTunes\shell\open\command]
@="[#iTunes.exe]"

Will they EVER learn?

Stefan Kanthak


PS: iTunes.msi installs a completely OUTDATED and (of course) VULNERABLE
    version 3.0.8449.0 of ATL.DLL into Windows' system directory.
    This ATL.DLL is for the unsupported and long abandoned platforms
    Windows NT4 (sic!) and Windows 9x/ME (even sicker!).

    A newer version of this file is part of ALL supported versions of
    Windows and MUST NOT be redistributed or installed there; see the
    "requirements" in <http://msdn.microsoft.com/en-us/library/ms954376.aspx>!


[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0]
@="ATL 2.0 Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\0\win32]
@="[#Global_VC_ATLANSI_f0.7EBEDD68_AA66_11D2_B980_006097C4DE24]"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\HELPDIR]
@="[SystemFolder]\"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0]
@="ATL 2.0 Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\0\win32]
@="[#Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24]"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\HELPDIR]
@="[SystemFolder]\"

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: