Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://support.microsoft.com/kb/224816 <= Use ShellExecute to launch
the default Web browser

I agree that we need sanity checking on the applications accepting the
input, but the fact remains that ShellExecute is doing dangerous
things based on bad input. Both application developers and Microsoft
should work on fixing this.

Greg Rubin
grrubin@xxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFHC+de5KDU23nQpRcRAoNKAJ9TvOiL16hKjTV2oYsDJtOazcZEMwCfYv/C
+g7WwL6VKCyRc9a5doKbdAg=
=UdN+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • How to refresh Internet Explorer?
    ... I'm opening an URL in the default web browser via ... how could I force Internet Explorer to "refresh" the ... page via ShellExecute or by similar means. ...
    (microsoft.public.inetsdk.programming.webbrowser_ctl)
  • New IE Instance
    ... I can start a web browser with ShellExecute or ShellExecuteEx, ... if I have a browser window already open and I want to open a fresh ...
    (borland.public.delphi.nativeapi)