| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: LevinsonK at STARS-SMI.com (Levinson, Karl) Subject: Notepad popups in Internet Explorer and Out look Microsoft stated in the following article concerning a different vulnerability: http://www.microsoft.com/technet/security/bulletin/MS02-015.asp "The vulnerability would not enable the attacker to pass any parameters to the program. Microsoft is not aware of any programs installed by default in any version of Windows that, when called with no parameters, could be used to compromise the system." I could be wrong, but I would imagine this limitation would also apply to this Notepad / Wordpad popup issue and prevent it from being anything more than an annoyance... unless someone was able to, for example, use a different vulnerability beforehand to inject a new version of notepad.exe, sort of like the way the Mimail worm used the MS02-015 vulnerability above. -----Original Message----- From: Stephen Clowater [mailto:steve@...vesworld.hopto.org] Sent: Friday, August 08, 2003 11:45 AM To: Richard M. Smith; full-disclosure@...ts.netsys.com Subject: [despammed] Re: [Full-Disclosure] Notepad popups in Internet Explorer and Outlook I've heard people discusses the possibilities of useing this to execute arbitray code before, however, I've never managed to replicate anyones findings on this yet, however there has been quite a bit of talk on other lists in the past, and I've been asked by people to look into it but I cant seem to find anything ethier Supposivly you can use the same flaw to execute arbitrary code, however, I've been unable to see it replicated yet, so I wouldnt put much stalk into it.
Powered by blists - more mailing lists