[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] MSN Messenger is vulnerable to the shell: hole

To: Full-Disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
From: Jesse Ruderman <jruderman@xxxxxxx>
Date: Sun, 11 Jul 2004 05:11:41 -0500

Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137 launches Notepad. MSN Messenger even recognizes shell: as a protocol and helpfully hyperlinks the URL.

Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word 10.2627.3311 launches Notepad.

What others Windows programs (browsers, e-mail clients, IM clients, word processors, etc.) are vulnerable to the shell: hole?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
  - From: Lan Guy

Prev by Date: [Full-Disclosure] I small poem in JScript
Next by Date: [Full-Disclosure] Re: Security contact wanted
Previous by thread: Re: [Full-Disclosure] I small poem in JScript
Next by thread: Re: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole
Index(es):
- Date
- Thread