Full Disclosure mailing list archives

Re: Re: HelpCtr - allow open any page or run

From: "Richard Maudsley" <r_i_c_h_lists () btopenworld com>
Date: Fri, 10 Feb 2006 17:07:57 +0000

Nope, me neither.

-Rich

List,

I couldn't reproduce this on patched XP. Anyone?
If so, we'll need YA workaround :(

Erik

On 7 Feb 2004 21:49:26 -0000 "Bartosz Kwitkowski" wrote:

To: BugTraq
Subject: HelpCtr - allow open any page or run
Date: Feb 7 2004 9:49PM
Author: Bartosz Kwitkowski <bartosz wb pl>
Message-ID: <20040207214926.28580.qmail () www securityfocus com>

We can use Help Center to open any page or run any file.

 hcp://services/layout/contentonly?topic=...

where ... is a correct URL

http:// for page
file:/// for run (remember use / (slash) in path e.g. c:/windows/system32/...


Archives of original message:
http://www.securityfocus.com/archive/1/353248
http://seclists.org/lists/bugtraq/2004/Feb/0248.html

PS I don't subscribe Bugtraq, just read the web archives

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: HelpCtr - allow open any page or run Erik van Straten (Feb 10)
- Re: Re: HelpCtr - allow open any page or run Richard Maudsley (Feb 10)
  - RE: Re: HelpCtr - allow open any page or run Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
    - Re: Re: HelpCtr - allow open any page or run morning_wood (Feb 13)
    - RE: Re: HelpCtr - allow open any page or run Aditya, ALD [Aditya Lalit Deshmukh] (Feb 14)
  - Microsoft Windows ASN.1 LSASS.EXE Remote Exploit (MS04-007) Stephen (Feb 14)
- Re: Re: HelpCtr - allow open any page or run Erik van Straten (Feb 10)
- <Possible follow-ups>
- Re: Re: HelpCtr - allow open any page or run dlimanov (Feb 10)
  - new security patches posted on Microsoft Exibar (Feb 10)