[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,
From: Paul Szabo <psz () maths ! usyd ! edu ! au>
Date: 2007-10-06 21:14:04
Message-ID: 200710062114.l96LE4Ex010739 () asti ! maths ! usyd ! edu ! au
[Download RAW message or body]
What I see as "root cause", is not what IE7 has changed. Windows was
always confused about quoting, may parse and re-parse a command an
unspecified number of times. Compared to Unix, it confuses system(3)
with execl(3).
In the registry there are shell\open\command keys, set to 'prog %1'. It
should be clear to Windows that there is a command with one argument;
but it will normally mis-parse blanks within %1 and have many arguments.
Some registry keys are set to 'prog "%1"' to protect against blanks, but
those are vulnerable to embedded quotes. I only guess that things are
generally unsafe against embedded % characters (though maybe not the URL
protocol handlers we are specifically worried about here).
A number of similar issues would be solved if Windows would respect the
"command with one argument" setting, parsing the registry key just once.
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic