Bugtraq mailing list archives
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
From: "Jim Slora" <Jim.Slora () phra com>
Date: Mon, 8 Oct 2007 10:24:38 -0400
Roger A. Grimes wrote Friday, October 05, 2007 3:54 PM
I'm asking, with genuine interest and a listening ear, what is the best long termsolution you envision, to solve the larger problem?
Apparently the long term solution is for third-party apps to point blame at Microsoft, and for Microsoft to point blame at third-party apps. They are both right except in absolving themselves.
To start with this problem does not exist under IE6, regardless of third-party protocol handler vulnerability. So the question is, why did it open up after installing IE7? This portion is for Microsoft to address - either it is a required consequence of new functionality that they should reconsider, or it is a mistake that they should fix.
The individual third-party applications also need to sanitize their input of course.
Current thread:
- Fwd: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype, (continued)
- Message not available
- Fwd: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype merigoth (Oct 11)
- Message not available
- Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available KJK::Hyperion (Oct 15)
- Re: Third-party patch for CVE-2007-3896, UPDATE NOW KJK::Hyperion (Oct 17)
- Re: URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Thierry Zoller (Oct 11)
- RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes (Oct 09)
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Morning Wood (Oct 09)