Re: KaZaA
From: Alex Lambert (alambert@webmaster.com)Date: 10/18/02
- Previous message: Alun Jones: "Re: Ambiguities in TCP/IP - firewall bypassing"
- In reply to: David Krum: "KaZaA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alex Lambert" <alambert@webmaster.com> To: "David Krum" <frobnitz@msn.com>, <bugtraq@securityfocus.com> Date: Fri, 18 Oct 2002 15:55:57 -0500
Kazaa's IE control (at least in 1.7.x) seems to treat certain URLs
differently, too, which could pose a problem. For example,
http://localhost/KazaaSearchQuery performs a search (a form for this is
displayed on desktop.kazaa.com). Putting more than 272 bytes into the query
argument causes a crash; I haven't checked if it's posisble to run malicious
code with this.
apl
----- Original Message -----
From: "David Krum" <frobnitz@msn.com>
To: <bugtraq@securityfocus.com>
Sent: Friday, October 18, 2002 11:33 AM
Subject: KaZaA
> I'm concerned about all the applications which utilize ie browser
controls.
> There are a lot of adware programs with little ads. Some of these ads
have
> activex, java, flash, js. Any one of these capabilities in the wrong zone
> could be dangerous.
>
> My attention was first drawn to this when I noticed KaZaA launching popups
> sourced from the local hard disk. Surely these ads are running in the
local
> zone. To use software that does this I have to trust them to audit the
ads
> given to them?
>
> _________________________________________________________________
> Broadband? Dial-up? Get reliable MSN Internet Access.
> http://resourcecenter.msn.com/access/plans/default.asp
>
>
- Previous message: Alun Jones: "Re: Ambiguities in TCP/IP - firewall bypassing"
- In reply to: David Krum: "KaZaA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
