[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- To: "KJK::Hyperion" <hackbunny@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- From: "Gregory Rubin" <grrubin@xxxxxxxxx>
- Date: Tue, 9 Oct 2007 13:41:29 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://support.microsoft.com/kb/224816 <= Use ShellExecute to launch
the default Web browser
I agree that we need sanity checking on the applications accepting the
input, but the fact remains that ShellExecute is doing dangerous
things based on bad input. Both application developers and Microsoft
should work on fixing this.
Greg Rubin
grrubin@xxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
iD8DBQFHC+de5KDU23nQpRcRAoNKAJ9TvOiL16hKjTV2oYsDJtOazcZEMwCfYv/C
+g7WwL6VKCyRc9a5doKbdAg=
=UdN+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype