Full Disclosure mailing list archives
Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Fri, 16 May 2014 17:18:44 +0200
Hi @ll,
the current version of iTunes for Windows (and of course older versions too) associates the following vulnerable command lines with some of the supported file types/extensions:
[...] The just released iTunes 11.2 still has this beginners error. Unpack the iTunesSetup.exe (this is basically a .CAB archive), use your favorite MSI editor and take a look at the 'registry' table of iTunes.msi: [HKEY_CLASSES_ROOT\daap\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\itms\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\itmss\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\itsradio\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\itunesradio\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\itpc\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\itls\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\iTunes\shell\open\command] @="[#iTunes.exe] /url ""%1""" [HKEY_CLASSES_ROOT\pcast\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_CLASSES_ROOT\iTunes.AssocProtocol.daap\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itls\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itms\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itmss\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itpc\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_CLASSES_ROOT\iTunes.AssocProtocol.pcast\shell\open\command] @="[INSTALLDIR]iTunes.exe /url ""%1""" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\iTunes\shell\open\command] @="[#iTunes.exe]" Will they EVER learn? Stefan Kanthak PS: iTunes.msi installs a completely OUTDATED and (of course) VULNERABLE version 3.0.8449.0 of ATL.DLL into Windows' system directory. This ATL.DLL is for the unsupported and long abandoned platforms Windows NT4 (sic!) and Windows 9x/ME (even sicker!). A newer version of this file is part of ALL supported versions of Windows and MUST NOT be redistributed or installed there; see the "requirements" in <http://msdn.microsoft.com/en-us/library/ms954376.aspx>! [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0] @="ATL 2.0 Type Library" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\FLAGS] @="0" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\0\win32] @="[#Global_VC_ATLANSI_f0.7EBEDD68_AA66_11D2_B980_006097C4DE24]" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\HELPDIR] @="[SystemFolder]\" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0] @="ATL 2.0 Type Library" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\FLAGS] @="0" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\0\win32] @="[#Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24]" [HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\HELPDIR] @="[SystemFolder]\" _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Mike Cramer (May 01)
- Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Alton Blom (May 01)
- <Possible follow-ups>
- Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Stefan Kanthak (May 01)
- Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Walt Williams (May 01)
- Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files Stefan Kanthak (May 16)