| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Sep 2011 17:47:07 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: "Geoff Strickler" <geoff.strickler@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fix for NTFS permissions issue in QuickTime
7.xfor Windows
Geoff Strickler wrote:
[...]
> Below is the text of the
> CVE-2010-0530-fix-perms-all-profiles-targeted.bat
> batch file.
> rem ---- Start of script:
> rem Write a logfile to "CVE-2010-0530-log.txt" in the current user's
> rem temporary directory.
> echo %0 >%temp%\CVE-2010-0530-log.txt
^ ^
Please repeat after me: EVERY pathname which may contain blanks has to be
quoted!
> rem -------- revoke permissions for XP and earlier systems
> rem from %userprofile%\Local Settings\Application Data\Apple Computer
> rem and it's "QuickTime" subdirectory.
Both "Local Settings" and "Application Data" exist only on english (or MUI)
installations of Windows NT 5.x.
The localized directory names but can be constructed as follows:
SetLocal EnableDelayedExpansion
Set LocalizedAPPDATA=!APPDATA:%USERPROFILE%=%%~i!
If /I "%TEMP:~-5,5%" == "\TEMP" Set LocalizedLOCALAPPDATA=%TEMP:~0,-5%!LocalizedAPPDATA:%USERPROFILE%=!
An alternative (straightforward) way to construct LOCALAPPDATA in *.CMD:
Call :DIRNAME "%TEMP%"
Call :BASENAME "%APPDATA%"
Set LOCALAPPDATA=%DIRNAME%%BASENAME%
Set BASENAME=
Set DIRNAME=
Goto :EOF
:BASENAME
Set BASENAME=%~nx1
Goto :EOF
:DIRNAME
Set DIRNAME=%~dp1
Goto :EOF
Stefan Kanthak
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists