Full Disclosure mailing list archives
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 8 Oct 2007 13:19:29 +0400
Dear Thierry Zoller, --Saturday, October 6, 2007, 9:06:51 PM, you wrote to bugtraq () securityfocus com: TZ> Dear Geo., G>> If the application is what exposes the URI handling routine to untrusted G>> code from the internet, TZ> Sorry, Untrusted code from the internet ? TZ> The user clicks on a mailto link, is that untrusted code? TZ> Or the mailto link is clicked for him. What URL is is defined by RFC 1738, what mailto: is is defined by RFC 2368. String in question is definetly _not_ URL because of %xx and ". Double quote is URL delimiter and is not a part of URL, in this case application incorrectly parses and highlights URL (it should stop before "). %xx is invalid character encoding. And altogether it's, for sure, not mailto: URL. Passing unchecked user input to function called ShellExecute(), where URL is expected, is a bug. So, while there is a security vulnerability in Windows, there is also security vulnerability in mIRC, Acrobat Reader, Netscape, Miranda, Skype, because ShellExecute() behaviour is not defined for the case non-URL data is passed to URL processor. -- ~/ZARAZA http://securityvulns.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype, (continued)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Gregory Rubin (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Geo. (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Lamer Buster (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Geo. (Oct 06)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype James Matthews (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Geo. (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype 3APA3A (Oct 08)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Valdis . Kletnieks (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Geo. (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype gjgowey (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype john lokka (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 09)
- Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available KJK::Hyperion (Oct 13)
- Re: Third-party patch for CVE-2007-3896, UPDATE NOW KJK::Hyperion (Oct 17)
- I made third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) KJK::Hyperion (Oct 14)