SecurityFocus

URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 05 2007 12:58PM
Juergen Schmidt (ju heisec de) (3 replies)

Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 09 2007 11:03AM
Andreas Lindenblatt (azrael solution de)

Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 09 2007 06:33AM
Andreas Lindenblatt (azrael solution de)

RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 05 2007 07:54PM
Roger A. Grimes (roger banneretcs com) (1 replies)

Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 06 2007 04:13PM
Thierry Zoller (Thierry Zoller lu) (2 replies)

RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 07 2007 01:30AM
Roger A. Grimes (roger banneretcs com)

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 06 2007 04:43PM
Geo. (geoincidents nls net) (3 replies)

Re: URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 11 2007 12:48PM
Thierry Zoller (Thierry Zoller lu)

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 07 2007 03:21PM
Valdis Kletnieks vt edu

Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 06 2007 05:06PM
Thierry Zoller (Thierry Zoller lu) (3 replies)

Re[3]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 08 2007 09:19AM
3APA3A (3APA3A SECURITY NNOV RU)

Dear Thierry Zoller,

--Saturday, October 6, 2007, 9:06:51 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:

TZ> Dear Geo.,

G>> If the application is what exposes the URI handling routine to untrusted
G>> code from the internet,
TZ> Sorry, Untrusted code from the internet ?

TZ> The user clicks on a mailto link, is that untrusted code?
TZ> Or the mailto link is clicked for him.

What URL is is defined by RFC 1738, what mailto: is is defined by RFC
2368. String in question is definetly _not_ URL because of %xx and ".
Double quote is URL delimiter and is not a part of URL, in this case
application incorrectly parses and highlights URL (it should stop before
"). %xx is invalid character encoding. And altogether it's, for sure,
not mailto: URL. Passing unchecked user input to function called
ShellExecute(), where URL is expected, is a bug.

So, while there is a security vulnerability in Windows, there is also
security vulnerability in mIRC, Acrobat Reader, Netscape, Miranda,
Skype, because ShellExecute() behaviour is not defined for the case
non-URL data is passed to URL processor.

--
~/ZARAZA http://securityvulns.com/

[ reply ]

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 07 2007 05:40AM
Geo. (geoincidents nls net)

Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 06 2007 06:52PM
Kurt Dillard (kurtdillard msn com) (1 replies)

Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype Oct 07 2007 01:40PM
Glynn Clements (glynn gclements plus com) (1 replies)

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 08 2007 12:45AM
KJK::Hyperion (hackbunny s0ftpj org) (1 replies)

Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Oct 09 2007 09:18PM
Thierry Zoller (Thierry Zoller lu)