Full Disclosure mailing list archives
MSN Messenger is vulnerable to the shell: hole
From: Jesse Ruderman <jruderman () hmc edu>
Date: Sun, 11 Jul 2004 05:11:41 -0500
Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137 launches Notepad. MSN Messenger even recognizes shell: as a protocol and helpfully hyperlinks the URL.
Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word 10.2627.3311 launches Notepad.
What others Windows programs (browsers, e-mail clients, IM clients, word processors, etc.) are vulnerable to the shell: hole?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSN Messenger is vulnerable to the shell: hole Jesse Ruderman (Jul 11)
- Re: MSN Messenger is vulnerable to the shell: hole Lan Guy (Jul 11)
- <Possible follow-ups>
- Re: MSN Messenger is vulnerable to the shell: hole http-equiv () excite com (Jul 11)