urihandlexp.txt

Date: 06 Oct 2007 00:00:00
Reported by: Juergen Schmidt
Type: packetstorm
Source: packetstormsecurity.com

URI handling vulnerability in Windows X

`Hello,  
  
the URI handling problem on Windows XP systems with IE 7 installed hits a   
lot of applications, not only Firefox (and mIRC) -- namely Skype, Acrobat   
Reader, Miranda, Netscape.  
  
To recap: with the installation of IE 7 Microsoft   
changes the handling of URLs that are passed to the operating system on   
Windows XP. After this, URLs that contain an invalid "%" encoding can   
launch arbitrary programs. One example is:  
  
mailto:test%../../../../windows/system32/calc.exe".cmd  
  
that launches the calculator when activated in affected applications.   
Firefox fixed this problem in 2.0.6. After being notified by heise   
Security, Skype fixed the problem in 3.5.0.239.  
  
  
Still vulnerable (as of 4th of October) are:  
  
Adobe Acrobat Reader 8.1: If a user clicks on such a link  
in a PDF, calc.exe is executed.  
  
Miranda v0.7: If a user clicks on this link in a chat window, calc.exe is   
executed  
  
Netscape 7.1: mailto is handled by Netscape itself, but   
similar telnet:-links start the calculator.  
  
This list can probably be extended with little effort.  
  
  
On a question to MSRC if Microsoft is planning to react on this, we   
received the following response:  
  
"After its thorough investigation, Microsoft has revealed that this is   
not a vulnerability in a Microsoft product."   
  
  
For further information see:  
  
http://www.heise-security.co.uk/news/96982  
  
bye, ju  
  
  
--   
Juergen Schmidt editor-in-chief heise Security www.heisec.de  
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover  
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail [email protected]  
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970`
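
The recap above attributes the problem to URLs with an invalid "%" encoding being passed to the operating system. As an added example (not part of the original advisory and not any vendor's actual fix), the C function below shows one way an application could screen a URI before handing it to the OS protocol handler; the function name and the scheme allowlist are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Schemes this hypothetical application agrees to forward (assumption). */
static const char *const ALLOWED_SCHEMES[] = { "http", "https", "mailto" };

/* Return 1 if the scheme (text before the first ':') is on the allowlist. */
static int scheme_allowed(const char *uri, size_t scheme_len)
{
    size_t i;
    for (i = 0; i < sizeof ALLOWED_SCHEMES / sizeof ALLOWED_SCHEMES[0]; i++) {
        const char *s = ALLOWED_SCHEMES[i];
        size_t j;
        if (strlen(s) != scheme_len)
            continue;
        for (j = 0; j < scheme_len; j++)
            if (tolower((unsigned char)uri[j]) != s[j])
                break;
        if (j == scheme_len)
            return 1;
    }
    return 0;
}

/* Return 1 only if the URI may be handed to the OS handler, 0 otherwise. */
int uri_safe_for_os_handler(const char *uri)
{
    const char *colon;
    const unsigned char *p;

    if (uri == NULL || (colon = strchr(uri, ':')) == NULL)
        return 0;
    if (!scheme_allowed(uri, (size_t)(colon - uri)))
        return 0;

    for (p = (const unsigned char *)colon + 1; *p; p++) {
        /* Reject quotes, spaces, control and non-ASCII bytes outright. */
        if (*p <= 0x20 || *p >= 0x7f || *p == '"')
            return 0;
        /* Every '%' must introduce exactly two hex digits. */
        if (*p == '%') {
            if (!isxdigit(p[1]) || !isxdigit(p[2]))
                return 0;
            p += 2;
        }
    }
    return 1;
}
```

The check fails closed: the sample link from the advisory is rejected at its first "%", and schemes outside the allowlist, such as telnet:, never reach the OS.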
