Bugtraq mailing list archives

RE: Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)


From: "Drew Copley" <dcopley () eeye com>
Date: Fri, 20 Feb 2004 14:58:07 -0800

 

-----Original Message-----
From: http-equiv () excite com [mailto:1 () malware com] 
Sent: Friday, February 20, 2004 1:37 PM
To: bugtraq () securityfocus com
Subject: Re: is predicatable file location a vuln? (was RE: 
Aol Instant Messenger/Microsoft Internet Explorer remote code 
execution)



<!--  

Being able to store arbitrary content in a predictable file 
location is a vulnerability category of its own

An interesting category, for sure.  I think this point deserves 
discussion.  Is the use of predictable file locations really a 
vulnerability?

 -->

If it isn't it should be. I'll give you four that have been put 
on the back-burner for later realization (make a note that this 
will be fair warning to the vendor):

If the predictable path involves server or client access, then it is
definitely a security bug. It may be moderate or low risk depending on
the potentiality of abuse and perhaps other factors. But, as a security
bug it should be higher risk than high risk, non-security issues.

With Internet Explorer or Outlook or Winamp and so on... These kinds of
client applications have shown that these issues tend more towards being
moderate security issues of the "configuration error" type.

Anyway, not to be dogmatic, but I do believe this is reasonable. 

If Microsoft is not fixing these issues because they do not consider
them security issues nor even bugs then they are obviously negligent and
grossly so. 



<snip>

The vendor in all cases, just cannot be bothered to fix any of 
these things. Simply does not care. It seems that the new mantra 
is "none of our customers are affected by it" so let's not fix 
it.

WATCH OUT !

All these will culminate in yet another STENCH ! exploit sooner 
or later.

That is a true predictable path.


End Call


-- 
http://www.malware.com






