[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: shell:windows

To: nikon@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Re: shell:windows
From: Barry Fitzgerald <bkfsec@xxxxxxxxxxxxxxxx>
Date: Mon, 12 Jul 2004 10:51:50 -0400

Nick Eoannidis wrote:

Larry Seltzer
eWEEK.com Security Center Editor --

buddy, the shell:windows URI handler was disabled in IE ages ago!
The fact it can be crafted into an exploit for Mozilla! is the issue
here.
Of course it wont work on your IE your probably patched to the max!
Mozilla just forgot to disable access to this URI due to the fact
that mozilla was first built for nix and not windoze.
All versions of mozilla have been fixed now

Actually, that's not entirely accurate.

The shell:windows code does work in IE, the only difference being that it displays a dialogue box when referenced asking if the user wishes to open or save the file. Combine that with a little social engineering and you've got a potential compromise.

Also, when the shell:windows reference is input into IE's address bar field, it executes the code without a a dialogue box...

I think that some of you may see where that's going...

-Barry


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Re: shell:windows
  - From: Larry Seltzer

References:
- [Full-Disclosure] Re: shell:windows
  - From: Nick Eoannidis

Prev by Date: RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by Date: Re: [Full-Disclosure] Norton AntiVirus Scanner Remote Denial Of ServiceVulnerability [Part: !!!]
Previous by thread: [Full-Disclosure] Re: shell:windows
Next by thread: RE: [Full-Disclosure] Re: shell:windows
Index(es):
- Date
- Thread