Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://support.microsoft.com/kb/224816 <= Use ShellExecute to launch
the default Web browser

I agree that we need sanity checking on the applications accepting the
input, but the fact remains that ShellExecute is doing dangerous
things based on bad input. Both application developers and Microsoft
should work on fixing this.

Greg Rubin
grrubin@xxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFHC+de5KDU23nQpRcRAoNKAJ9TvOiL16hKjTV2oYsDJtOazcZEMwCfYv/C
+g7WwL6VKCyRc9a5doKbdAg=
=UdN+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/