lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D9B1A@pivxwin2k1.secnet.pivx.com>
Date: Tue, 5 Aug 2003 15:34:06 -0700
From: "Thor Larholm" <thor@...x.com>
To: "Richard M. Smith" <rms@...puterbytesman.com>,
	"BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...URITYFOCUS.COM>
Subject: RE: Notepad popups in Internet Explorer and Outlook


The problem at hand is not one of Notepad or the view-source protocol,
but of the behavior inherant to Internet Explorer on how to handle
certain mimetypes and protocols. Your advisory (good as it is)
highlights an example of the problem, but disregards the larger picture.

Whether or not a specific mimetype or protocol will be automatically
opened by the MSHTML renderer is controlled by the EditFlag registry
key. Changing bit 0 of byte 2 controls whether the Open/Save dialog box
appears or if the content is automatically opened.

You could e.g. use this to disable the automatic opening of MIDI files,
which would be a very quick way for most domain administrators to
efficiently disable the MIDI exploit from last week.

You can read more about EditFlag at
http://www.cpcug.org/user/clemenzi/technical/WinExplorer/WinExplorerEdit
Flags.htm or http://perso.wanadoo.fr/tmcd2/Types.htm

As such, this problem is not limited to plaintext messages, but extends
to other types of data and other protocols.

It's funny that you have looked into this now, I am currently writing up
some stuff about inline embedding and automatic execution of media data
and exe files in emails (MHTML/EML) which covers the broader picture. I
guess the cat is out of the bag now, might as well release that soon ;)


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher



-----Original Message-----
From: Richard M. Smith [mailto:rms@...puterbytesman.com] 
Sent: Monday, August 04, 2003 11:58 AM
To: BUGTRAQ@...URITYFOCUS. COM
Subject: Notepad popups in Internet Explorer and Outlook


Hi,

Do Notepad popups represent a security risk or are they simply another
way for spammers and marketers to annoy us? Because of a design flaw in
Internet Explorer, Notepad popup windows can be displayed from an HTML
email message or Web page regardless of browser security settings. In
addition, Notepad popups can access files on a hard disk, possibilly
causing stability problems in a Windows saystem. 

For more details, see: 

  http://www.computerbytesman.com/security/notepadpopups.htm

Question:  What kind of operating system allows an email message to
automatically start up a text editor to change a system file?

Richard M. Smith
http://www.ComputerBytesMan.com







Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ