Vulnerability Development mailing list archives
Re: help:// protocol in Windows XP Prof
From: Bartosz Kwitkowski <bartosz () wb pl>
Date: 8 Jul 2004 07:46:31 -0000
In-Reply-To: <20040706093616.16342.qmail () www securityfocus com>

Microsoft Security says about it:

"It is a usability feature where IE is trying to "guess" the intended protocol. For example, "httq:" or "htt?" where "?" is any character will work as well. It does look funny but the results are that most users are sent to the URL they were expecting."

I'd like to add some URLs... The same thing is with ALL other protocols: res:, mailto:, http:, https:, file:, shell: (srall:).... IE can guess much more than one missing char. IE is really "smart", you can type httpds://wb.pl/bartosz and it will open http://...

Jordan Cole wrote:

"If you could get it to work in a link, it would make for a good exploit... "Click here to read the help file for this application." Have that link to a malware-enabled website or something similar, and you've got another unsuspecting user infected. On the other hand, you could just create a link that /appears/ to be pointing to a help:// url... "

Hmmm... We can trick the user, but what then? "PLEASE DOWNLOAD THIS FILE AND EXEC IT"...? :-)

Regards,
Bartosz
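
Added example, not part of the original message: a strict link-scheme check that, instead of guessing as in the behaviour quoted above, flags near-miss schemes such as httq: or httpds:. The allowlist, the edit-distance threshold of 2 and the function names are assumptions of this example; the page does not describe IE's actual matching rule.

```javascript
// Schemes named in the post; which of them a client fuzzy-matches is an assumption.
const KNOWN_SCHEMES = ["http", "https", "file", "res", "mailto", "shell", "help"];
// Schemes this hypothetical link filter lets through (assumed policy).
const ALLOWED = new Set(["http", "https", "mailto"]);
// Assumed tolerance: up to two single-character edits away from a known name.
const MAX_DISTANCE = 2;

// Levenshtein edit distance between two short strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classifies one link target. Only an exact allowlist match passes; a scheme
// that is merely close to a known one is reported as a lookalike, never repaired.
// "resembles" is the nearest known name, not a prediction of what a client opens.
function classifyLink(url) {
  const m = /^\s*([^:\/?#\s]+):/.exec(url);
  if (!m) return { verdict: "no-scheme", scheme: null, resembles: null };
  const scheme = m[1].toLowerCase();
  if (ALLOWED.has(scheme)) return { verdict: "allowed", scheme, resembles: null };
  if (KNOWN_SCHEMES.includes(scheme)) return { verdict: "blocked", scheme, resembles: null };
  let best = null;
  for (const k of KNOWN_SCHEMES) {
    const d = editDistance(scheme, k);
    if (d <= MAX_DISTANCE && (best === null || d < best.d)) best = { k, d };
  }
  return best
    ? { verdict: "lookalike", scheme, resembles: best.k }
    : { verdict: "unknown", scheme, resembles: null };
}
```

A filter built this way rejects and logs "lookalike" results, so a link whose scheme would only work through client-side guessing never reaches the user.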
Current thread:
- help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 07)
- Re: help:// protocol in Windows XP Prof NETKOJI (Jul 08)
- Re: help:// protocol in Windows XP Prof Jordan Cole (stilist) (Jul 09)
- RE: help:// protocol in Windows XP Prof Rocky Heckman (Jul 09)
- Re: help:// protocol in Windows XP Prof Derek Kwan (Jul 08)
- RE: help:// protocol in Windows XP Prof Lucas Valdeón (Jul 08)
- Re: help:// protocol in Windows XP Prof Jordan Cole (stilist) (Jul 08)
- Re: help:// protocol in Windows XP Prof pingywon MCSE (Jul 12)
- Re: help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 12)
- <Possible follow-ups>
- Re: help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 08)
- RE: help:// protocol in Windows XP Prof Weltha, Nick [ADM] (Jul 08)
- RE: help:// protocol in Windows XP Prof Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Jul 08)
- RE: help:// protocol in Windows XP Prof Tyler Durden (Jul 09)
- RE: help:// protocol in Windows XP Prof Rocky Heckman (Jul 09)
- Re: help:// protocol in Windows XP Prof NETKOJI (Jul 08)