[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BAY7-DAV20szc1NTSa100035474@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: MSN Messenger is vulnerable to the shell: hole
you are missing the point.
in the IE example a user goes to browse a page and then the is executed on
the users computer.
In the messenger and MS Word examples you have given the user is just
launching a process locally.
----- Original Message -----
From: "Jesse Ruderman" <jruderman@....edu>
To: <Full-Disclosure@...ts.netsys.com>
Sent: Sunday, July 11, 2004 1:11 PM
Subject: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
> Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137
> launches Notepad. MSN Messenger even recognizes shell: as a protocol
> and helpfully hyperlinks the URL.
>
> Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word
> 10.2627.3311 launches Notepad.
>
> What others Windows programs (browsers, e-mail clients, IM clients, word
> processors, etc.) are vulnerable to the shell: hole?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists