[Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- From: Juergen Schmidt <ju@xxxxxxxxx>
- Date: Fri, 5 Oct 2007 14:58:48 +0200 (CEST)
Hello,
the URI handling problem on Windows XP systems with IE 7 installed hits a lot of applications, not only Firefox (and mIRC) -- namely Skype, Acrobat Reader, Miranda, Netscape.
To recap: with the installation of IE 7 Microsoft changes the handling of URLs that are passed to the operating system on Windows XP. After this, URLs that contain an invalid "%" encoding can launch abitrary programms. One example is:
mailto:test%../../../../windows/system32/calc.exe".cmd
that launches the calculator when activated in affected applications. Firefox fixed this problem in 2.0.6. After being notified by heise Security, Skype fixed the problem in 3.5.0.239.
Still vulnerable (as of 4th of October) are:
Adobe Acrobat Reader 8.1: If a user clicks on such a link
in a PDF, calc.exe is executed.
Miranda v0.7: If a user klicks on this link in a chat window, calc.exe is executed
Netscape 7.1: mailto is handled by Netscape itself, but similar telnet:-links start the calculator.
This list can propably be extended with little effort.
On a question to MSRC if Microsoft is planning to react on this, we recieved the following response:
"After its thorough investigation, Microsoft has revealed that this is not a vulnerability in a Microsoft product."
For further information see:
http://www.heise-security.co.uk/news/96982
bye, ju
--
Juergen Schmidt editor-in-chief heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju@xxxxxxxxx
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- From: Andreas Lindenblatt
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- From: Andreas Lindenblatt
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- From: Roger A. Grimes
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Prev by Date: [Full-disclosure] [SECURITY] [DSA 1383-1] New gforge packages fix cross-site scripting
- Next by Date: Re: [Full-disclosure] password hash
- Previous by thread: [Full-disclosure] [SECURITY] [DSA 1383-1] New gforge packages fix cross-site scripting
- Next by thread: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Index(es):
Relevant Pages
|
