Full Disclosure mailing list archives
Re: Notepad popups in Internet Explorer and Out look
From: "Levinson, Karl" <LevinsonK () STARS-SMI com>
Date: Mon, 11 Aug 2003 12:24:15 -0400
Microsoft stated in the following article concerning a different vulnerability: http://www.microsoft.com/technet/security/bulletin/MS02-015.asp "The vulnerability would not enable the attacker to pass any parameters to the program. Microsoft is not aware of any programs installed by default in any version of Windows that, when called with no parameters, could be used to compromise the system." I could be wrong, but I would imagine this limitation would also apply to this Notepad / Wordpad popup issue and prevent it from being anything more than an annoyance... unless someone was able to, for example, use a different vulnerability beforehand to inject a new version of notepad.exe, sort of like the way the Mimail worm used the MS02-015 vulnerability above. -----Original Message----- From: Stephen Clowater [mailto:steve () stevesworld hopto org] Sent: Friday, August 08, 2003 11:45 AM To: Richard M. Smith; full-disclosure () lists netsys com Subject: [despammed] Re: [Full-disclosure] Notepad popups in Internet Explorer and Outlook I've heard people discusses the possibilities of useing this to execute arbitray code before, however, I've never managed to replicate anyones findings on this yet, however there has been quite a bit of talk on other lists in the past, and I've been asked by people to look into it but I cant seem to find anything ethier Supposivly you can use the same flaw to execute arbitrary code, however, I've been unable to see it replicated yet, so I wouldnt put much stalk into it. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Notepad popups in Internet Explorer and Out look Levinson, Karl (Aug 11)
- Re: Notepad popups in Internet Explorer and Out look Stephen Clowater (Aug 11)