Re[3]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
Dear Thierry Zoller,
--Saturday, October 6, 2007, 9:06:51 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:
TZ> Dear Geo.,
G>> If the application is what exposes the URI handling routine to untrusted
G>> code from the internet,
TZ> Sorry, Untrusted code from the internet ?
TZ> The user clicks on a mailto link, is that untrusted code?
TZ> Or the mailto link is clicked for him.
What URL is is defined by RFC 1738, what mailto: is is defined by RFC
2368. String in question is definetly _not_ URL because of %xx and ".
Double quote is URL delimiter and is not a part of URL, in this case
application incorrectly parses and highlights URL (it should stop before
"). %xx is invalid character encoding. And altogether it's, for sure,
not mailto: URL. Passing unchecked user input to function called
ShellExecute(), where URL is expected, is a bug.
So, while there is a security vulnerability in Windows, there is also
security vulnerability in mIRC, Acrobat Reader, Netscape, Miranda,
Skype, because ShellExecute() behaviour is not defined for the case
non-URL data is passed to URL processor.
--
~/ZARAZA http://securityvulns.com/
- References:
- URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Prev by Date:
[security bulletin] HPSBMA02274 SSRT071445 rev.1 - HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS)
- Next by Date:
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Previous by thread:
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Next by thread:
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Index(es):