BugTraq
Defense in depth -- the Microsoft way (part 9): erroneous documentation Aug 31 2013 10:58AM
Stefan Kanthak (stefan kanthak nexgo de)
Hi,

in <http://seclists.org/fulldisclosure/2013/Aug/75> I documented
beginners errors (unquoted pathnames containing spaces) not only
in Microsoft products.

Microsofts developer documentation but shows these beginners errors
too (and is inconsistent, even in single topics).

Examples:

<http://msdn.microsoft.com/library/cc144171.aspx>

| HKEY_CLASSES_ROOT
| txtile
...
| Shell
...
| cmd2
...
| command
| (Default) = C:\Program Files\Windows NT\Accessories\wordpad.exe %1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~

<http://msdn.microsoft.com/library/bb165967.aspx>

| [HKEY_CLASSES_ROOT\Applications\VSLauncher.exe\Shell\Open\Command]
| @="C:\\Program Files\\Common Files\\Microsoft Shared\\MSEnv\\VSLauncher.exe \"%1\""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

| [HKEY_CLASSES_ROOT\VisualStudio.csproj.8.0\shell\Open\Command]
| @="\"C:\\Program Files\\Common Files\\Microsoft Shared\\MSEnv\\VSLauncher.exe\" \"%1\""

<http://msdn.microsoft.com/library/cc144083.aspx>

| HKEY_LOCAL_MACHINE
| SOFTWARE
| Classes
| contoso-search
| shell
| open
| command
| (Default) = "%ProgramFiles%\Contoso\Search\contososearch.exe %1"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~

<http://msdn.microsoft.com/library/cc144154.aspx>

| HKEY_LOCAL_MACHINE
| SOFTWARE
| Classes
| LitwarePlayer11.AssocFile....
...
| shell
| open
| command
| (Default) = %ProgramFiles%\Litware\litware.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<http://msdn.microsoft.com/library/hh127450.aspx>

| HKEY_CLASSES_ROOT
| CLSID
| {0052D9FC-6764-4D29-A66F-2F3BD9E2BB40}
| Shell
| Open
| Command
| (Default) = [REG_EXPAND_SZ] %ProgramFiles%\MyCorp\MyApp.exe /Settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<http://msdn.microsoft.com/library/cc144188.aspx>

| <sh:task id="{3B75A7AE-C4E4-4E5A-9420-7CECCDA75425}">
| <!-- This is a generated GUID, specific to this task link -->
| <sh:name>@myTextResources.dll,-100</sh:name>
| <sh:keywords>@myTextResources.dll,-101</sh:keywords>
| <sh:command>%ProgramFiles%\Microsoft Games\Solitaire\solitaire.exe</sh:command>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| </sh:task>

Example with ambiguous/inconsistent use of quotes:

<http://msdn.microsoft.com/en-us/library/aa767914.aspx>

| HKEY_CLASSES_ROOT
| alert
| (Default) = "URL:Alert Protocol"
^ ^
| URL Protocol = ""
^^
| DefaultIcon
| (Default) = "alert.exe,1"
^ ^
| shell
| open
| command
| (Default) = "C:\Program Files\Alert\alert.exe" "%1"

Counterexamples:

<http://msdn.microsoft.com/library/cc144175.aspx>
<http://msdn.microsoft.com/library/cc144101.aspx>

| Note: If any element of the command string contains or might contain
| spaces, it must be enclosed in quotation marks. Otherwise, if the
| element contains a space, it will not parse correctly. For instance,
| "My Program.exe" starts the application properly. If you use
| My Program.exe without quotation marks, then the system attempts to
| launch My with Program.exe as its first command line argument. You
| should always use quotation marks with arguments such as "%1" that are
| expanded to strings by the Shell, because you cannot be certain that
| the string will not contain a space.

<http://msdn.microsoft.com/library/dd203067.aspx>
<http://msdn.microsoft.com/library/cc144109.aspx>

regards
Stefan Kanthak

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus