BugTraq
URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 05 2007 12:58PM
Juergen Schmidt (ju heisec de) (3 replies)
Hello,

the URI handling problem on Windows XP systems with IE 7 installed hits a
lot of applications, not only Firefox (and mIRC) -- namely Skype, Acrobat
Reader, Miranda, Netscape.

To recap: with the installation of IE 7 Microsoft
changes the handling of URLs that are passed to the operating system on
Windows XP. After this, URLs that contain an invalid "%" encoding can
launch abitrary programms. One example is:

mailto:test%../../../../windows/system32/calc.exe".cmd

that launches the calculator when activated in affected applications.
Firefox fixed this problem in 2.0.6. After being notified by heise
Security, Skype fixed the problem in 3.5.0.239.

Still vulnerable (as of 4th of October) are:

Adobe Acrobat Reader 8.1: If a user clicks on such a link
in a PDF, calc.exe is executed.

Miranda v0.7: If a user klicks on this link in a chat window, calc.exe is
executed

Netscape 7.1: mailto is handled by Netscape itself, but
similar telnet:-links start the calculator.

This list can propably be extended with little effort.

On a question to MSRC if Microsoft is planning to react on this, we
recieved the following response:

"After its thorough investigation, Microsoft has revealed that this is
not a vulnerability in a Microsoft product." 

For further information see:

http://www.heise-security.co.uk/news/96982

bye, ju

--
Juergen Schmidt editor-in-chief heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju (at) heisec (dot) de [email concealed]
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970

[ reply ]
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 09 2007 11:03AM
Andreas Lindenblatt (azrael solution de)
Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 09 2007 06:33AM
Andreas Lindenblatt (azrael solution de)
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 05 2007 07:54PM
Roger A. Grimes (roger banneretcs com) (1 replies)
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 06 2007 04:13PM
Thierry Zoller (Thierry Zoller lu) (2 replies)
RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 07 2007 01:30AM
Roger A. Grimes (roger banneretcs com)
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 06 2007 04:43PM
Geo. (geoincidents nls net) (3 replies)
Re: URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 11 2007 12:48PM
Thierry Zoller (Thierry Zoller lu)
Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 06 2007 05:06PM
Thierry Zoller (Thierry Zoller lu) (3 replies)
Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 06 2007 06:52PM
Kurt Dillard (kurtdillard msn com) (1 replies)
Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 07 2007 01:40PM
Glynn Clements (glynn gclements plus com) (1 replies)
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 08 2007 12:45AM
KJK::Hyperion (hackbunny s0ftpj org) (1 replies)


 

Privacy Statement
Copyright 2010, SecurityFocus