RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
Roger A. Grimes writes:
> The applications in question are accepting abitrary input and not
> validating correctly.
No -- they are handing the input over to the operating system -- which is
a reasonable thing to do for things that start with mailto|htpp|...
> How is that a Microsoft or Windows problem?
Ok, so just Microsoft and Windows:
Enter
mailto:test%../../../../windows/system32/calc.exe".cmd
in "Start/Run"
1) on a system with Windows XP and IE6. Outlook Express is executed as
expected.
2) now do the very same thing on a system with Windows XP and IE7.
calc.exe is executed.
3) Now do the very same thing on a system with Windows Vista. You get a
"... could not be found"
No 3rd party software involved, just Microsoft and Windows -- three
different reactions. That is not what I would call a reliable and therefor
secure basis for applications.
You can propably argue in favour of any of those reactions -- but not for
all of them.
bye, ju
--
Juergen Schmidt editor-in-chief heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju@xxxxxxxxx
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970
- Prev by Date:
Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
- Next by Date:
Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Previous by thread:
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Next by thread:
Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Index(es):