On Fri, 27 Aug 2010 01:42:44 +0530, Atul Agarwal said: > IMHO, I think its rather useless. > > Instead of it executing "wab.exe (Windows Address Book) and open the file > test.vcf", one can directly get any .exe file open. The whole point is that launching wab.exe and opening a test file is relatively innocuous - but if you can do that, you're basically holding the user's testicles in one hand and a very sharp knife in the other. It *could* have been anything - but we'll just do something mostly harmless just to be nice. Feel free to rewrite it to do a format c:\ instead, and test on your box. Let us know which variety of PoC you prefer...
Attachment:
pgp_XYjN6RF3z.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/