Slashdot Mirror

← Back to Stories (view on slashdot.org)

MSN, Word Vulnerable To Shell: URI Exploit

Posted by timothy on from the we'll-get-our-top-men-right-on-it dept.

LnxAddct writes "InfoWorld is reporting that a few Microsoft products are also vulnerable to the "shell:" scheme vulnerability found in Mozilla last week. These applications include Microsoft Word and MSN Messenger."

27 of 392 comments (clear)

  1. Fixed in SR2? by djtripp · · Score: 3, Funny

    Well at least Mozilla will fix theirs...

    --
    "This is you left and that's your left. This is your right and that's your right. You're gonna die!
    1. Re:Fixed in SR2? by ROOK*CA · · Score: 4, Funny

      Mozilla already fixed this vulnerabilty (Mozilla 1.7.1 & FireFox 0.92) took what 3 or 4 days after it was discovered ?

      Microsoft will surely fix this in no more than 2 "Microsoft" Days which is around 6 months for the rest of Earth's population.

    2. Re:Fixed in SR2? by Anonymous Coward · · Score: 1, Funny

      The article title should be changed to "Microsoft products also vulnerable to Microsoft flaw"

  2. indiana jones quote by Jrod5000+at+RPI · · Score: 3, Funny

    Intelligence Guy: "We have top men working on it right now."
    Indy: "Who?"
    Intelligence Guy: "Top... Men..."

  3. Haha by mboverload · · Score: 2, Funny
    Looks like Microsoft has been copying some source

    =P

  4. My mind is spinning by tentimestwenty · · Score: 1, Funny

    Aren't we over our bugs-o-the-day limit?

    1. Re:My mind is spinning by DeepHurtn! · · Score: 2, Funny

      MS Bugs: They're the New SCO.

  5. MSN and Word? by Anonymous Coward · · Score: 1, Funny

    Fortunate that I don't have them then! :)

  6. Quite a coincidence by cookie_cutter · · Score: 3, Funny
    How obscure is this bug?

    If it's non-obvious and contrived, is it reasonable to assume that Microsoft could be lifting, or at least peeking at, code from the mozilla project and replicating it in their own browser?

    Naw; if that were true, IE wouldn't suck so much.

  7. Re:Open Source vs. Microsoft by Anonymous Coward · · Score: 3, Funny

    Well now, let's see how long it takes for their patch to come out.

    Not as fast as the FUD they'll put out.

  8. The War by POds · · Score: 1, Funny

    So open source is literally infecting MS Windows :) So this is how we plan to take down the empire?

    --


    Giving IE users a taste of their own medicine since 2005 - http://pods.-is-a-geek.net/
  9. Two words come to mind by peragrin · · Score: 2, Funny

    HA HA

    Does it also count as the obligatory Simpson's quote?

    --
    i thought once I was found, but it was only a dream.
  10. Re:Goes to show... by tolan-b · · Score: 3, Funny

    Oh good, I'll go and download SP2 then... What's that? It's been delayed to mid-August? Oh dear!

  11. Re:Can only allow programs to be run... by Lord+Bitman · · Score: 2, Funny

    You don't?

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
  12. URI!? by DonniKatz · · Score: 3, Funny

    As the University of Rhode Island (URI) University College Representative in the Student Senate, I can assure you that no student at the University of Rhode Island is exploiting Microsoft Word... we're only pirating it.....

  13. Re:Mozilla Bug 163767 by Anonymous Coward · · Score: 0, Funny
    Nope, it doesn't. They coded special-cases to avoid their own broken APIs.

    I bet there are a whole bunch of these "traps" in Windows. They'd get in trouble if they wrote :

    if (Application Name == 'Firefox') open_security_hole();
    so instead they write
    if (true) open_security_whole();
    if (Application Name == 'IE') workaround_security_hole();
    That way they don't get caught for singling out competitors.

    It's kinda like how they mess with their home page when they detect an opera browser so Opera won't display it correctly.

  14. Price is Right Rules by funkdid · · Score: 5, Funny
    How about we have a /. pool, with Price is Right Rules.


    Here'show it works:

    You predict the next security flaw,exploit etc etc etc and what product it will hit. Apache buffer overflow (smart money says don't pick that one), Word vulernability etc. This could be cool.

    Dibs on Wednesday IE exploit.

    --

    I boycott signatures

  15. Re:Mac's safer if no MS code on them by Anonymous Coward · · Score: 2, Funny

    >In my 20+ years of using a Mac and getting only one virus

    You also only have one mouse button, so I wouldn't be too proud.

  16. Re:Mozilla Bug 163767 by fireman+sam · · Score: 2, Funny

    "They should just disable unsecure stuff by default."

    What, disable the Windows builds? But what about all the people wanting to switch from IE?

    NB: this was an attempt a humor

    --
    it is only after a long journey that you know the strength of the horse.
  17. I can see the next /. story now... by twalls · · Score: 2, Funny

    "A new security report today reveals that all computers are vulnerable to the latest of a series of never-ending security exploits. This latest flaw, which manufacturers are unwilling to disclose the details of at this time, has been proven to exist on all platforms and affects all operating systems. Manufacturers are currently working together to find a solution. Until then, security experts are recommending that users unplug their machines from any cables that connect to the walls. Critics suggest that even this solution has flaws as some are using wireless technologies to circumvent the wires. Industry analysts suggest that the latest exploit is linked to other reports on 'user stupidity' and 'God's wrath on civilization as we know it.'"

  18. 'Run' has this flaw too! by Finuvir · · Score: 2, Funny

    If you open the run dialog and type shell:windows\notepad.exe it opens it. That means Run has this flaw too!

    --
    Why is anything anything?
  19. Re:Goes to show... by Anonymous Coward · · Score: 5, Funny

    emacs will hit version 1.0 when it can shake the programmer's hand, look him in the eye and say "I'm ready."

  20. No! No! No! by Anonymous Coward · · Score: 1, Funny

    Thursday is Microsoft vulnerability day!

  21. Re:Misleading title - "...Mozilla flaw" by Anonymous Coward · · Score: 1, Funny

    You obviously don't understand FUD.

    Since it was first discovered in Mozilla, it is obviously a Mozilla bug, no matter how stupid Microsoft was implementing this feature!

    C'mon, people, this was obviously another one of those features that users demanded and Microsoft is blameless!

  22. shell:fdisk by HermanAB · · Score: 2, Funny

    shell:format

    shell:win

    shell:deltree%20y%20\

    shell:deltree/20y/20\

    shell:"deltree y \"

    Damn - I'll have to install windoze just to give it a try!

    --
    Oh well, what the hell...
  23. no command prompt? use batch files! by Tiuq · · Score: 3, Funny

    At school the command prompt is disabled, and you can't right click and make a new batch file, and you can't rename the extensions so in order to run some commands all you have to do is write them in notepad, and then tell it save as "all files" and then give it the .bat extension. We sure did have a lot of fun with the netsends :P until someone put it in a loop and the teacher found out.

  24. Re:Emacs on version 21.3 by kikta · · Score: 2, Funny

    That's because it's actually version 0.21.3.1, but the damn thing's been sub-1.0 so long they finally dropped the leading zero.

    Seriously, though - WTF do they want for feature completeness? Emacs is a kernel & a decent text editor away from being an operating system in its own right. ;-)