Full Disclosure mailing list archives

Re: MSN Messenger is vulnerable to the shell: hole

From: "Lan Guy" <rlanguy () hotmail com>
Date: Sun, 11 Jul 2004 16:43:05 +0300

you are missing the point.
in the IE example a user goes to browse a page and then the is executed on
the users computer.

In the messenger and MS Word examples you have given the user is just
launching a process locally.


----- Original Message ----- 
From: "Jesse Ruderman" <jruderman () hmc edu>
To: <Full-Disclosure () lists netsys com>
Sent: Sunday, July 11, 2004 1:11 PM
Subject: [Full-disclosure] MSN Messenger is vulnerable to the shell: hole

Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137
launches Notepad.  MSN Messenger even recognizes shell: as a protocol
and helpfully hyperlinks the URL.

Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word
10.2627.3311 launches Notepad.

What others Windows programs (browsers, e-mail clients, IM clients, word
processors, etc.) are vulnerable to the shell: hole?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MSN Messenger is vulnerable to the shell: hole Jesse Ruderman (Jul 11)
- Re: MSN Messenger is vulnerable to the shell: hole Lan Guy (Jul 11)
- <Possible follow-ups>
- Re: MSN Messenger is vulnerable to the shell: hole http-equiv () excite com (Jul 11)