Message-ID: <5C3F5613AF7F4527AF5368ED8D2423FB@celsius>
Date: Fri, 16 May 2014 17:18:44 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <fulldisclosure@...lists.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
	C:\Program.exe when opening associated files

Hi @ll,

> the current version of iTunes for Windows (and of course older versions
> too) associates the following vulnerable command lines with some of the
> supported file types/extensions:

[...]

The just released iTunes 11.2 still has this beginners error.

Unpack the iTunesSetup.exe (this is basically a .CAB archive), use your
favorite MSI editor and take a look at the 'registry' table of iTunes.msi:

[HKEY_CLASSES_ROOT\daap\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itms\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itmss\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itsradio\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itunesradio\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itpc\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\itls\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\pcast\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.daap\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itls\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itms\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itmss\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.itpc\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\iTunes.AssocProtocol.pcast\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\iTunes\shell\open\command]
@="[#iTunes.exe]"

Will they EVER learn?

Stefan Kanthak


PS: iTunes.msi installs a completely OUTDATED and (of course) VULNERABLE
    version 3.0.8449.0 of ATL.DLL into Windows' system directory.
    This ATL.DLL is for the unsupported and long abandoned platforms
    Windows NT4 (sic!) and Windows 9x/ME (even sicker!).

    A newer version of this file is part of ALL supported versions of
    Windows and MUST NOT be redistributed or installed there; see the
    "requirements" in <http://msdn.microsoft.com/en-us/library/ms954376.aspx>!


[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0]
@="ATL 2.0 Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\0\win32]
@="[#Global_VC_ATLANSI_f0.7EBEDD68_AA66_11D2_B980_006097C4DE24]"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\HELPDIR]
@="[SystemFolder]\"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0]
@="ATL 2.0 Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\0\win32]
@="[#Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24]"

[HKEY_CLASSES_ROOT\TypeLib\{44EC0535-400F-11D0-9DCD-00A0C90391D3}\1.0\HELPDIR]
@="[SystemFolder]\"
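
Added example, not part of the original post and not Apple's or the installer's own code: a Python check that expands the MSI references in command values like those listed above and reports every entry that resolves to an unquoted path containing spaces, together with the shorter executable names Windows tries before the intended one (C:\Program.exe from the subject line among them). The install path in ASSUMED and the example.quoted key are assumptions constructed for illustration.

```python
import re

# Assumed expansions of the MSI references seen in the post (constructed
# values; the page does not state the real install location).
ASSUMED = {
    "[#iTunes.exe]": r"C:\Program Files (x86)\iTunes\iTunes.exe",
    "[INSTALLDIR]": "C:\\Program Files (x86)\\iTunes\\",
}

# Constructed sample in the post's notation: two of its entries plus a
# hypothetical, correctly quoted entry for contrast.
SAMPLE = r'''
[HKEY_CLASSES_ROOT\daap\shell\open\command]
@="[#iTunes.exe] /url ""%1"""

[HKEY_CLASSES_ROOT\pcast\shell\open\command]
@="[INSTALLDIR]iTunes.exe /url ""%1"""

[HKEY_CLASSES_ROOT\example.quoted\shell\open\command]
@="""[#iTunes.exe]"" /url ""%1"""
'''

def ambiguous_prefixes(cmdline):
    """Executables Windows tries before the intended one; [] if none."""
    if cmdline.startswith('"'):
        return []                      # quoted path: no ambiguity
    m = re.match(r'(.*?\.exe)(?=\s|$)', cmdline, re.I)
    if not m:
        return []                      # only .exe command lines are handled
    parts = m.group(1).split(" ")      # each space is a possible cut point
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def audit(reg_text):
    """Map each registry key to the stray executables it could launch."""
    findings, key = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            cmd = line[3:-1].replace('""', '"')   # undo doubled quotes
            for ref, path in ASSUMED.items():
                cmd = cmd.replace(ref, path)
            hits = ambiguous_prefixes(cmd)
            if hits:
                findings[key] = hits
    return findings

if __name__ == "__main__":
    for key, hits in audit(SAMPLE).items():
        print(key, "->", ", ".join(hits))
```

Any file found at one of the reported names on an audited machine deserves investigation, and the fix on the installer side is to wrap the expanded path in quotes as in the example.quoted entry.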
