[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a8fe69350801171114k63f07495ia8690f4ec52e7047@mail.gmail.com>
Date: Thu, 17 Jan 2008 13:14:56 -0600
From: "Fredrick Diggle" <fdiggle@...il.com>
To: "Sascha Roeske" <Service@...cha-roeske.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [FDSA] Notepad Highly Critical Cross-Site
Scripting (XSS) Vulnerability
Sascha,
Thank you for your disclosure of similar vulnerabilities in
Dreamweaver, vi, and emacs. Fredrick Diggle Security will be happy to
publicly disclose these in future FDSA's. We will credit you for
finding these vulnerabilities.
Thank you,
Fredrick Diggle, Esq.
On Jan 17, 2008 12:49 PM, Sascha Roeske <Service@...cha-roeske.de> wrote:
> That's a really funny "security risk". I don't agree with you, because
> otherwise every editor, which is able to save HTML Files, is a security
> problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision,
> to open a HTML file or not. And (if here are some MS guys) please don't fix
> this "issue", because sometimes, if you haven't a professional tool at the
> moment, the Windows editor can be useful, too. Also, if you need to edit
> some small Scripts.
>
> Yours,
> SR
>
> -----UrsprĂĽngliche Nachricht-----
> Von: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] Im Auftrag von Fredrick
> Diggle
> Gesendet: Donnerstag, 17. Januar 2008 18:44
> An: full-disclosure@...ts.grok.org.uk
> Betreff: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site
> Scripting (XSS) Vulnerability
>
>
> #######################################################################
>
> Fredrick Diggle Security Advisory
>
> Application: Notepad
> Versions: 5.1.2600.2180 verified to be vulnerable
> Platforms: Microsoft Windows (All Versions)
> Bugs: Cross Site Scripting (XSS)
> Severity: Critically High
> Date: 17 Jan 2008
> Credit: Estr Hinan
>
> #######################################################################
>
> 1) Introduction
> 2) Bugs
> 4) Fix
>
> #######################################################################
>
> ===============
> 1) Introduction
> ===============
>
> Fredrick Diggle Security Services is probably the best application
> security researchers on the scene this month. They have identified
> several hundred thousand vulnerabilities this week for which Priv8
> 0dayz have been developed. Fredrick Diggle Security Team periodically
> releases several of these vulnerabilities to the community at large
> (Pre Vendor Release!!!!). Fred Diggle would like to ensure that you
> understand this is 0DAY!!!. The vendors are completely unaware of this
> vulnerabilities.
>
> #######################################################################
>
> =======
> 2) Bug
> =======
>
> Notepad is a utility which is built into all current versions of
> Microsoft Windows. Notepad contains a highly exploitable stored
> cross-site scripting vulnerability when files are saved with the
> following extensions:
>
> htm
> html
>
> Other extensions may also be vulnerable in your environment depending
> on configuration. When arbitrary javascript code is entered into the
> notepad text window and saved using one of the vulnerable extensions a
> payload file is created. When an innocent user opens this payload file
> cross-site scripting occurs.
>
> #######################################################################
>
> =======
> 3) Proof of Concept
> =======
>
> 1. Open Notepad
> 2. Enter the following text
> <script>alert("xss");</script>
> 3. Save file as "exploit.html"
> 4. double click the payload file
>
> #######################################################################
>
> ======
> 4) Fix
> ======
>
> Notepad should be rewritten to filter potentially dangerous
> characters. Characters can be converted to their html encoded
> equivalents.
>
> #######################################################################
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists