Full Disclosure mailing list archives
Re: MSN Messenger is vulnerable to the shell: hole
From: "Lan Guy" <rlanguy () hotmail com>
Date: Sun, 11 Jul 2004 16:43:05 +0300
you are missing the point. in the IE example a user goes to browse a page and then the is executed on the users computer. In the messenger and MS Word examples you have given the user is just launching a process locally. ----- Original Message ----- From: "Jesse Ruderman" <jruderman () hmc edu> To: <Full-Disclosure () lists netsys com> Sent: Sunday, July 11, 2004 1:11 PM Subject: [Full-disclosure] MSN Messenger is vulnerable to the shell: hole
Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137 launches Notepad. MSN Messenger even recognizes shell: as a protocol and helpfully hyperlinks the URL. Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word 10.2627.3311 launches Notepad. What others Windows programs (browsers, e-mail clients, IM clients, word processors, etc.) are vulnerable to the shell: hole? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSN Messenger is vulnerable to the shell: hole Jesse Ruderman (Jul 11)
- Re: MSN Messenger is vulnerable to the shell: hole Lan Guy (Jul 11)
- <Possible follow-ups>
- Re: MSN Messenger is vulnerable to the shell: hole http-equiv () excite com (Jul 11)