Re: xpdf vulnerability - CAN-2003-0434

Andries.Brouwer_at_cwi.nl
Date: 07/09/03

Next message: Goetz Bock: "Re: PalmOS Memo Record Hiding Vulnerability."

Previous message: Shaun Moore: "PalmOS Memo Record Hiding Vulnerability."
Maybe in reply to: Andries.Brouwer_at_cwi.nl: "xpdf vulnerability - CAN-2003-0434"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 9 Jul 2003 22:36:40 +0200 (MEST)
To: Andries.Brouwer@cwi.nl, shalunov@internet2.edu

>> A urlCommand like the default "netscape -remote 'openURL(%s)'"
>> is OK since the %s is protected by single quotes.

> How so? Consider an argument of
> '`rm -rf /tmp/test`'

xpdf already filters out single and double quotes, so
these do not occur in arguments.

Next message: Goetz Bock: "Re: PalmOS Memo Record Hiding Vulnerability."

Previous message: Shaun Moore: "PalmOS Memo Record Hiding Vulnerability."
Maybe in reply to: Andries.Brouwer_at_cwi.nl: "xpdf vulnerability - CAN-2003-0434"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > securityfocus > bugtraq > 2003-07