Re: help:// protocol in Windows XP Prof

From: Bartosz Kwitkowski (bartosz_at_wb.pl)
Date: 07/08/04

  • Next message: Lucas Valdeón: "RE: help:// protocol in Windows XP Prof"
    Date: 8 Jul 2004 07:46:31 -0000
    To: vuln-dev@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <20040706093616.16342.qmail@www.securityfocus.com>

    Microsoft Security says about it:

    "It is a usability feature where IE is trying to "guess" the intended protocol. For example, "httq:" or "htt?" where "?" is any character will work as well. It does look funny but the results are that most users are sent to the URL they were expecting."

    I'd like to add some URLs...

    The same thing is with ALL other protocols:

    res:,mailto:,http:,https:,file:shell: (srall:)....

    IE can guess much more than one missing char. IE is really "smart",
    you can type httpds://wb.pl/bartosz and it will open http://...

    Jordan Cole wrote:
    "If you could get it to work in a link, it would make for a good
    exploit... "Click here to read the help file for this application."
    Have that link to a malware-enabled website or something similar, and
    you've got another unsuspecting user infected.

    On the other hand, you could just create a link that /appears/ to be
    pointing to a help:// url...
    "

    Hmmm... We can trick user but what than?
    "PLEASE DOWNLOAD THIS FILE AND EXEC IT"...?

    :-)

    Regards,
    Bartosz


  • Next message: Lucas Valdeón: "RE: help:// protocol in Windows XP Prof"