Slashdot Mirror


MSN, Word Vulnerable To Shell: URI Exploit

LnxAddct writes "InfoWorld is reporting that a few Microsoft products are also vulnerable to the "shell:" scheme vulnerability found in Mozilla last week. These applications include Microsoft Word and MSN Messenger."

5 of 392 comments

  1. Re:Word 2004 for OSX Safe? by Alex+Brasetvik · · Score: 5, Informative

    Mac OS X's Safari had a very similar flaw, where one could use disk:// to mount a disk image, which could execute whatever it wanted to.

    That flaw was fixed with the 2004-06-07 security update.

  2. Re:Haha by IoN_PuLse · · Score: 5, Informative

    Actually, it was their source that was the root of the problem in the first place. The whole "shell" thing is only in Windows; unfortunately, the article titles lead people to believe that it is a problem with Mozilla across all platforms, when in reality it only affects those running on a Windows platform.

  3. Fixed in Word 2003 by AzrealAO · · Score: 5, Informative

    Microsoft Word 2003 w/Latest Updates.

    Insert > Hyperlink
    shell:explorer.exe (path should be unnecessary, tried shell:windows\explorer.exe as well)

    Critical Error Dialog pops up

    Opening "shell:explorer.exe"

    Hyperlinks can be harmful to your computer and data. To protect your computer, click only those hyperlinks from trusted sources. Do you want to continue?
    Yes | No

    Pressed Yes and nothing happened.

  4. Re:What other programs are vulnerable? by jesser · · Score: 5, Informative

    I did not contact Microsoft before posting on Full Disclosure. I thought posting to Full Disclosure would encourage Microsoft to fix the hole in Windows rather than forcing every software vendor to work around it using a whitelist or blacklist. Maybe I was wrong about that. I felt that all software vendors should be given an equal chance to fix the hole if they want to be safe running on unpatched versions of Windows. I was frustrated that Mozilla looked bad because of a Windows hole that affected a large number of programs.

    I got an IM from someone at Microsoft thanking me for the post on Full Disclosure. Microsoft earned a little respect from me today.

    --
    The shareholder is always right.
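
The whitelist-or-blacklist workaround mentioned in the comment above, as an added example that is not part of the original thread or any vendor's code. It checks a link's URI scheme before the application hands it to the operating system; the allowed set and the `exampleapp` scheme are assumptions made for the illustration.

```python
import re

# RFC 3986 scheme syntax: a letter, then letters, digits, "+", "-" or ".".
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")

# Assumption: the schemes this hypothetical application needs to open.
ALLOWED = frozenset({"http", "https", "ftp", "mailto"})
# Blacklist built only from the schemes named in the thread.
BLOCKED = frozenset({"shell", "disk"})


def scheme_of(link):
    """Return the lower-cased URI scheme, or None if the link has none."""
    match = _SCHEME.match(link.strip())
    return match.group(1).lower() if match else None


def blacklist_permits(link):
    """Permit everything except the schemes already known to be bad."""
    return scheme_of(link) not in BLOCKED


def whitelist_permits(link):
    """Permit only schemes the application explicitly expects."""
    return scheme_of(link) in ALLOWED


def compare(links):
    """Map each link to (blacklist verdict, whitelist verdict)."""
    return {link: (blacklist_permits(link), whitelist_permits(link)) for link in links}


if __name__ == "__main__":
    # Constructed sample links; "exampleapp" is a made-up scheme standing in
    # for any handler registered on the machine that the blacklist has not heard of.
    samples = [
        "http://example.com/",
        "shell:explorer.exe",
        "SHELL:explorer.exe",
        "disk://example.invalid/image",
        "exampleapp:open",
    ]
    for link, (black, white) in compare(samples).items():
        print(f"{link:32} blacklist={black!s:5} whitelist={white!s:5}")
```

The blacklist stops only the schemes someone has already reported, while the whitelist also refuses the unknown `exampleapp:` link and anything without a recognisable scheme.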