[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole

To: "Jesse Ruderman" <jruderman@xxxxxxx>, <Full-Disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
From: "Lan Guy" <rlanguy@xxxxxxxxxxx>
Date: Sun, 11 Jul 2004 16:43:05 +0300

you are missing the point.
in the IE example a user goes to browse a page and then the is executed on
the users computer.

In the messenger and MS Word examples you have given the user is just
launching a process locally.


----- Original Message ----- 
From: "Jesse Ruderman" <jruderman@xxxxxxx>
To: <Full-Disclosure@xxxxxxxxxxxxxxxx>
Sent: Sunday, July 11, 2004 1:11 PM
Subject: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole


> Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137
> launches Notepad.  MSN Messenger even recognizes shell: as a protocol
> and helpfully hyperlinks the URL.
>
> Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word
> 10.2627.3311 launches Notepad.
>
> What others Windows programs (browsers, e-mail clients, IM clients, word
> processors, etc.) are vulnerable to the shell: hole?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
  - From: Jesse Ruderman

Prev by Date: [Full-Disclosure] [ GLSA 200407-09 ] MoinMoin: Group ACL bypass
Next by Date: Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions
Previous by thread: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
Next by thread: Re: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
Index(es):
- Date
- Thread