lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 05 Jan 2004 23:40:15 +0000
From: Richard Maudsley <r_i_c_h@...penworld.com>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: FirstClass Client 7.1: Command Execution via Email Web Link


Product: FirstClass Desktop Client 7.1
Developer: SoftArc
URL: http://www.softarc.com/

Description: Users clicking on a maliciously crafted link will result in 
local file execution.

Details:
FirstClass RTF formatted messages can include hyper-links to web URL's. 
When the messages recipient clicks on the URL the web browser is launched 
and navigates to the links URL. Crafting a malicious link is as simple as 
typing the local filename into the URL field of the form.

The most effective exploit would be to execute logoff.exe, forcefully 
terminating all running processes and logging the user out of their account.

C:\WINDOWS\SYSTEM32\LOGOFF.EXE

I wanted to mess with this further, but don't have time.

Also note that other protocols can be used to launch their associated software.

For example, hcp:// would launch the Windows help control panel, 
telnet://.... you get the idea.

Goodnight,
	Richard Maudsley

http://www.mindblock.org/
Greetings: Windsor Boys School
Matt & Dave: nice job on the network.
Greetings: French, Garlic, Shiva -- WBS Security Crew ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists