lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: steve at stevesworld.hopto.org (Stephen Clowater)
Subject: Notepad popups in Internet Explorer and Outlook

I've heard people discusses the possibilities of useing this to execute
arbitray code before, however, I've never managed to replicate anyones
findings on this yet, however there has been quite a bit of talk on other
lists in the past, and I've been asked by people to look into it but I cant
seem to find anything ethier

Supposivly you can use the same flaw to execute arbitrary code, however,
I've been unable to see it replicated yet, so I wouldnt put much stalk into
it.
----- Original Message ----- 
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Friday, August 08, 2003 12:18 AM
Subject: RE: [Full-Disclosure] Notepad popups in Internet Explorer and
Outlook


> I fiddle a little bit with view-source: and WordPad but nothing seemed
> too interesting.  WordPad always opened a large file as a plain text
> file.  I was checking to see if it might open a file as Word .DOC file,
> but had no luck.
>
> Richard
>
> -----Original Message-----
> From: Georgi Guninski [mailto:guninski@...inski.com]
> Sent: Thursday, August 07, 2003 3:57 PM
> To: Richard M. Smith
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Notepad popups in Internet Explorer and
> Outlook
>
>
> Richard, you irresponsible m$ puppy!
> How irresponsible and self promoting of you to not give m$ chance to fix
> this
> huge hole!
> btw, on win9x you may have more fun with view-source and wordpad:
> http://lists.insecure.org/lists/bugtraq/2000/Feb/0388.html
>
> georgi
>
>
>
> Richard M. Smith wrote:
> > Hi,
> >
> > Do Notepad popups represent a security risk or are they simply another
> > way for spammers and marketers to annoy us?  Because of a design flaw
> in
> > Internet Explorer, Notepad popup windows can be displayed from an HTML
> > email message or Web page regardless of browser security settings.  In
> > addition, Notepad popups can access files on a hard disk, possibilly
> > causing stability problems in a Windows saystem.
> >
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ