[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <EC43A9D8E15A4FD1A7B169C7BAD22C19@celsius>
Date: Sat, 31 Aug 2013 12:58:40 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Defense in depth -- the Microsoft way (part 9):
erroneous documentation
Hi,
in <http://seclists.org/fulldisclosure/2013/Aug/75> I documented
beginners errors (unquoted pathnames containing spaces) not only
in Microsoft products.
Microsofts developer documentation but shows these beginners errors
too (and is inconsistent, even in single topics).
Examples:
<http://msdn.microsoft.com/library/cc144171.aspx>
| HKEY_CLASSES_ROOT
| txtile
...
| Shell
...
| cmd2
...
| command
| (Default) = C:\Program Files\Windows NT\Accessories\wordpad.exe %1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~
<http://msdn.microsoft.com/library/bb165967.aspx>
| [HKEY_CLASSES_ROOT\Applications\VSLauncher.exe\Shell\Open\Command]
| @="C:\\Program Files\\Common Files\\Microsoft Shared\\MSEnv\\VSLauncher.exe \"%1\""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| [HKEY_CLASSES_ROOT\VisualStudio.csproj.8.0\shell\Open\Command]
| @="\"C:\\Program Files\\Common Files\\Microsoft Shared\\MSEnv\\VSLauncher.exe\" \"%1\""
<http://msdn.microsoft.com/library/cc144083.aspx>
| HKEY_LOCAL_MACHINE
| SOFTWARE
| Classes
| contoso-search
| shell
| open
| command
| (Default) = "%ProgramFiles%\Contoso\Search\contososearch.exe %1"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~
<http://msdn.microsoft.com/library/cc144154.aspx>
| HKEY_LOCAL_MACHINE
| SOFTWARE
| Classes
| LitwarePlayer11.AssocFile....
...
| shell
| open
| command
| (Default) = %ProgramFiles%\Litware\litware.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<http://msdn.microsoft.com/library/hh127450.aspx>
| HKEY_CLASSES_ROOT
| CLSID
| {0052D9FC-6764-4D29-A66F-2F3BD9E2BB40}
| Shell
| Open
| Command
| (Default) = [REG_EXPAND_SZ] %ProgramFiles%\MyCorp\MyApp.exe /Settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<http://msdn.microsoft.com/library/cc144188.aspx>
| <sh:task id="{3B75A7AE-C4E4-4E5A-9420-7CECCDA75425}">
| <!-- This is a generated GUID, specific to this task link -->
| <sh:name>@myTextResources.dll,-100</sh:name>
| <sh:keywords>@myTextResources.dll,-101</sh:keywords>
| <sh:command>%ProgramFiles%\Microsoft Games\Solitaire\solitaire.exe</sh:command>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| </sh:task>
Example with ambiguous/inconsistent use of quotes:
<http://msdn.microsoft.com/en-us/library/aa767914.aspx>
| HKEY_CLASSES_ROOT
| alert
| (Default) = "URL:Alert Protocol"
^ ^
| URL Protocol = ""
^^
| DefaultIcon
| (Default) = "alert.exe,1"
^ ^
| shell
| open
| command
| (Default) = "C:\Program Files\Alert\alert.exe" "%1"
Counterexamples:
<http://msdn.microsoft.com/library/cc144175.aspx>
<http://msdn.microsoft.com/library/cc144101.aspx>
| Note: If any element of the command string contains or might contain
| spaces, it must be enclosed in quotation marks. Otherwise, if the
| element contains a space, it will not parse correctly. For instance,
| "My Program.exe" starts the application properly. If you use
| My Program.exe without quotation marks, then the system attempts to
| launch My with Program.exe as its first command line argument. You
| should always use quotation marks with arguments such as "%1" that are
| expanded to strings by the Shell, because you cannot be certain that
| the string will not contain a space.
<http://msdn.microsoft.com/library/dd203067.aspx>
<http://msdn.microsoft.com/library/cc144109.aspx>
regards
Stefan Kanthak
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists