| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6.0.1.1.2.20040105231541.01b3e178@mail.btinternet.com> From: r_i_c_h at btopenworld.com (Richard Maudsley) Subject: FirstClass Client 7.1: Command Execution via Email Web Link Product: FirstClass Desktop Client 7.1 Developer: SoftArc URL: http://www.softarc.com/ Description: Users clicking on a maliciously crafted link will result in local file execution. Details: FirstClass RTF formatted messages can include hyper-links to web URL's. When the messages recipient clicks on the URL the web browser is launched and navigates to the links URL. Crafting a malicious link is as simple as typing the local filename into the URL field of the form. The most effective exploit would be to execute logoff.exe, forcefully terminating all running processes and logging the user out of their account. C:\WINDOWS\SYSTEM32\LOGOFF.EXE I wanted to mess with this further, but don't have time. Also note that other protocols can be used to launch their associated software. For example, hcp:// would launch the Windows help control panel, telnet://.... you get the idea. Goodnight, Richard Maudsley http://www.mindblock.org/ Greetings: Windsor Boys School Matt & Dave: nice job on the network. Greetings: French, Garlic, Shiva -- WBS Security Crew ;)
Powered by blists - more mailing lists