Bugtraq mailing list archives
The money: protocol in Internet Explorer
From: smiths () TIAC NET (Richard M. Smith)
Date: Mon, 20 Dec 1999 17:12:42 -0500
Hello, Here is an interesting problem that I haven't had the time to looking into fully. Maybe someone else can give it a shot. If a computer has both Internet Explorer and Microsoft Money installed on it, Money adds a protocol named "money:" to IE. If one goes to the IE address box and types in "money:", Microsoft Money will start up. The protocol also works in a JavaScript window.open call. This means that Microsoft Money can be started remotely from a Web site or from an HTML-based Email message. Some interesting questions here: - Does the money: protocol have any buffer overflow errors such that x86 code can be injected into Money and then executed? - What is the URL format for the money: protocol? For example, can one do something like the following: money://transfer?from_acct=myaccount&to_bank=swiss_bank&to_acct_no=12345&amo unt=10000.00 - If remote attacks are possible, how can the money: protocol be turned off in Web pages and Email messages, but still have Microsoft Money work properly? Microsoft was demoing Money 2000 at Comdex, and I showed the money: protocol in IE to the Microsoft guy running the demo station. His eyes got big as saucers.......:-) Richard ========================================== Richard M. Smith Internet consultant Email: smiths () tiac net http://www.tiac.net/users/smiths ==========================================
Current thread:
- Re: FTP denial of service attack, (continued)
- Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
- Re: FTP denial of service attack Darren Reed (Dec 07)
- Re: FTP denial of service attack Theo de Raadt (Dec 07)
- Re: FTP denial of service attack Darren Reed (Dec 07)
- Re: FTP denial of service attack Gregory A Lundberg (Dec 10)
- RSAREF2 buffer overflow patch Gerardo Richarte (Dec 10)
- Re: new IE5 remote exploit Shane Hird (Dec 07)
- NT WinLogon VM contains plaintext password visible in admin mode Robert Horvick (Dec 07)
- Re: NT WinLogon VM contains plaintext password visible in admin mode Chris Paget (Dec 08)
- [Debian] New version of sendmail released Aleph One (Dec 07)
- The money: protocol in Internet Explorer Richard M. Smith (Dec 20)
- Re: The money: protocol in Internet Explorer David Litchfield (Dec 21)
- Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Ussr Labs (Dec 20)