[<prev] [next>] [day] [month] [year] [list]
Message-ID: <A84F31AA4BAE4F3DB6575EA4347DF964@celsius>
Date: Tue, 6 May 2014 13:43:37 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: fulldisclosure@...lists.org
Subject: [FD] Beginners error: Piriform's Crap Cleaner^W runs rogue program
C:\Program.exe
Hi @ll,
Piriform's Crap Cleaner^W creates the following context menu entries
on Windows' recycle bin which run the rogue program "C:\Program.exe"
upon invocation:
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\CCleaner starten\command]
@="C:\\Program Files\\CCleaner\\ccleaner.exe /AUTO"
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\CCleaner öffnen...\command]
@="C:\\Program Files\\CCleaner\\ccleaner.exe"
>From <http://msdn.microsoft.com/library/cc144175.aspx>
or <http://msdn.microsoft.com/library/cc144101.aspx>:
| Note: If any element of the command string contains or might contain
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| spaces, it must be enclosed in quotation marks. Otherwise, if the
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| element contains a space, it will not parse correctly.
"Long" filenames containing spaces exist for about 20 years in Windows.
It's REALLY time that every developer and every QA engineer knows how
to handle them properly.
regards
Stefan Kanthak
PS: from <http://www.piriform.com/about>:
| At Piriform we create award-winning software to make your computer
| faster, more secure and have greater privacy. Whether you're cleaning
| out files on your system with CCleaner, ...
I doubt that, especially the "more secure".
I'd but award them with a price for "crap".-P
| All our products are fully tested to the highest standard.
Unfortunately this "highest standard" allows a beginners error to ship
to approximately 1 billion PCs worldwide.
PPS: Piriform also fails to provide an email address on
<http://www.piriform.com/contact> or elsewhere on their web site!
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists