Re: help:// protocol in Windows XP Prof
From: Bartosz Kwitkowski (bartosz_at_wb.pl)
Date: 07/08/04
- Previous message: Perrymon, Josh L.: "Shell:"
- Maybe in reply to: Bartosz Kwitkowski: "help:// protocol in Windows XP Prof"
- Next in thread: Weltha, Nick [ADM]: "RE: help:// protocol in Windows XP Prof"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Jul 2004 07:46:31 -0000 To: vuln-dev@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <20040706093616.16342.qmail@www.securityfocus.com>
Microsoft Security says about it:
"It is a usability feature where IE is trying to "guess" the intended protocol. For example, "httq:" or "htt?" where "?" is any character will work as well. It does look funny but the results are that most users are sent to the URL they were expecting."
I'd like to add some URLs...
The same thing is with ALL other protocols:
res:,mailto:,http:,https:,file:shell: (srall:)....
IE can guess much more than one missing char. IE is really "smart",
you can type httpds://wb.pl/bartosz and it will open http://...
Jordan Cole wrote:
"If you could get it to work in a link, it would make for a good
exploit... "Click here to read the help file for this application."
Have that link to a malware-enabled website or something similar, and
you've got another unsuspecting user infected.
On the other hand, you could just create a link that /appears/ to be
pointing to a help:// url...
"
Hmmm... We can trick user but what than?
"PLEASE DOWNLOAD THIS FILE AND EXEC IT"...?
:-)
Regards,
Bartosz
- Previous message: Perrymon, Josh L.: "Shell:"
- Maybe in reply to: Bartosz Kwitkowski: "help:// protocol in Windows XP Prof"
- Next in thread: Weltha, Nick [ADM]: "RE: help:// protocol in Windows XP Prof"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
