Full Disclosure mailing list archives

Re: Re: HelpCtr - allow open any page or run

From: dlimanov () sct com
Date: Tue, 10 Feb 2004 13:09:51 -0500


Negative on fully patched US version of XP Pro.

-Dimitri



|---------+-------------------------------------->
|         |           "Richard Maudsley"         |
|         |           <r_i_c_h_lists@btopenworld.|
|         |           com>                       |
|         |           Sent by:                   |
|         |           full-disclosure-admin@lists|
|         |           .netsys.com                |
|         |                                      |
|         |                                      |
|         |           02/10/2006 12:07 PM        |
|         |                                      |
|---------+-------------------------------------->
  >--------------------------------------------------------------------------------------------------------------|
  |                                                                                                              |
  |       To:       full-disclosure () lists netsys com                                                             |
  |       cc:                                                                                                    |
  |       Subject:  Re: [Full-disclosure] Re: HelpCtr - allow open any page or run                               |
  >--------------------------------------------------------------------------------------------------------------|



Nope, me neither.

-Rich

List,

I couldn't reproduce this on patched XP. Anyone?
If so, we'll need YA workaround :(>
Erik

On 7 Feb 2004 21:49:26 -0000 "Bartosz Kwitkowski" wrote:

To: BugTraq
Subject: HelpCtr - allow open any page or run
Date: Feb 7 2004 9:49PM
Author: Bartosz Kwitkowski <bartosz wb pl>
Message-ID: <20040207214926.28580.qmail () www securityfocus com>

We can use Help Center to open any page or run any file.

 hcp://services/layout/contentonly?topic=...

where ... is a correct URL

http:// for page
file:/// for run (remember use / (slash) in path e.g.

c:/windows/system32/...


Archives of original message:
http://www.securityfocus.com/archive/1/353248
http://seclists.org/lists/bugtraq/2004/Feb/0248.html

PS I don't subscribe Bugtraq, just read the web archives

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: HelpCtr - allow open any page or run Erik van Straten (Feb 10)
- Re: Re: HelpCtr - allow open any page or run Richard Maudsley (Feb 10)
  - RE: Re: HelpCtr - allow open any page or run Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
    - Re: Re: HelpCtr - allow open any page or run morning_wood (Feb 13)
    - RE: Re: HelpCtr - allow open any page or run Aditya, ALD [Aditya Lalit Deshmukh] (Feb 14)
  - Microsoft Windows ASN.1 LSASS.EXE Remote Exploit (MS04-007) Stephen (Feb 14)
- Re: Re: HelpCtr - allow open any page or run Erik van Straten (Feb 10)
- <Possible follow-ups>
- Re: Re: HelpCtr - allow open any page or run dlimanov (Feb 10)
  - new security patches posted on Microsoft Exibar (Feb 10)