[FD] Beginners error: Piriform's Crap Cleaner^W runs rogue program C:\Program.exe

["Stefan Kanthak" <stefan.kanthak@xxxxxxxx>]

Hi @ll,

Piriform's Crap Cleaner^W creates the following context menu entries
on Windows' recycle bin which run the rogue program "C:\Program.exe"
upon invocation:

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\CCleaner 
starten\command]
@="C:\\Program Files\\CCleaner\\ccleaner.exe /AUTO"

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\CCleaner 
öffnen...\command]
@="C:\\Program Files\\CCleaner\\ccleaner.exe"


From <http://msdn.microsoft.com/library/cc144175.aspx>
or <http://msdn.microsoft.com/library/cc144101.aspx>:

| Note: If any element of the command string contains or might contain
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| spaces, it must be enclosed in quotation marks. Otherwise, if the
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| element contains a space, it will not parse correctly.


"Long" filenames containing spaces exist for about 20 years in Windows.
It's REALLY time that every developer and every QA engineer knows how
to handle them properly.


regards
Stefan Kanthak


PS: from <http://www.piriform.com/about>:

| At Piriform we create award-winning software to make your computer
| faster, more secure and have greater privacy. Whether you're cleaning
| out files on your system with CCleaner, ...

I doubt that, especially the "more secure".
I'd but award them with a price for "crap".-P

| All our products are fully tested to the highest standard.

Unfortunately this "highest standard" allows a beginners error to ship
to approximately 1 billion PCs worldwide.


PPS: Piriform also fails to provide an email address on
     <http://www.piriform.com/contact> or elsewhere on their web site!


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/