Bugtraq mailing list archives

Re: KaZaA


From: "Alex Lambert" <alambert () webmaster com>
Date: Fri, 18 Oct 2002 15:55:57 -0500


Kazaa's IE control (at least in 1.7.x) seems to treat certain URLs
differently, too, which could pose a problem. For example,
http://localhost/KazaaSearchQuery performs a search (a form for this is
displayed on desktop.kazaa.com). Putting more than 272 bytes into the query
argument causes a crash; I haven't checked if it's possible to run malicious
code with this.



apl
----- Original Message -----
From: "David Krum" <frobnitz () msn com>
To: <bugtraq () securityfocus com>
Sent: Friday, October 18, 2002 11:33 AM
Subject: KaZaA


I'm concerned about all the applications which utilize ie browser controls.
There are a lot of adware programs with little ads.  Some of these ads have
activex, java, flash, js.  Any one of these capabilities in the wrong zone
could be dangerous.

My attention was first drawn to this when I noticed KaZaA launching popups
sourced from the local hard disk.  Surely these ads are running in the local
zone.  To use software that does this I have to trust them to audit the ads
given to them?
