Re: 0day: mIRC pwns Windows
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: 0day: mIRC pwns Windows
- From: "Fred Elliot" <thevorsoth@xxxxxxxxxxxxxx>
- Date: Thu, 4 Oct 2007 18:45:36 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=ARhH4lS/YswfEsTmH55fZhxccjNGjwKZylvNE4iBDtY=; b=YuA9OSOnRqomi/0j6fDl0JlwvhH3tHJ0iQxcGRpCyepDZ+N3c6cM+EDD0wCiAlKWFmssd/nwiH9A3GN7hWmyFd13QhyJ88VhYa43h2ToqDfCNNScja3rmnZAi1qm1K4Oz3Y88ZaFbgQMTdg58Fdeh2yQhlRuukpEJbll054WiQQ=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=beRmTF3K1vz/E+pWLNELpKACJto6SDBqCcdhJ4BOiB+0VcIH8sOendLfV1gtNTEsVOotFQdQJMEkTRO0mheqtgaQGjiqe6kTVq5vUA6mqvyvN65D9uOtd3JSIo6KfOiaXxMHl+1Fps4PcCFVEiqpPDYsS+4945FnhR1v//d1Z9I=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Although mIRC could/should do some sanitizing the problem actually
lays in Windows' handling of URIs.
See http://secunia.com/advisories/26201/
- Fred