| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: PerrymonJ at bek.com (Perrymon, Josh L.) Subject: What about M$ in the shell: race IE doesn't seem to have the Web page problem like Mozilla did. However, the shell: command opens the programs when used locally in the URL bar. I think it would have to be used with another IE vuln to really create a problem- JP -----Original Message----- From: Larry Seltzer To: 'daniel uriah clemens'; 'Perrymon, Josh L.' Cc: packet-ninjas@...mingham-infragard.org; full-disclosure@...ts.netsys.com; birmingham-infragard@...mingham-infragard.org Sent: 7/9/2004 9:44 PM Subject: RE: [Full-Disclosure] What about M$ in the shell: race >>The shell: issue is all over Full-disclosure and slashdot but I have yet to see a public response from M$ on the issue. I don't understand the IE angle on this one. Every time I test it on XP I get an Open/Save dialog for the file. This behavior is indistinguishable from a simple href to the file. Are you seeing something different? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer@...fdavis.com
Powered by blists - more mailing lists