|
Microsoft Products Fail to Restrict "shell:" Access
|
|
Secunia Advisory:
|
SA12042
|
|
|
Release Date:
|
2004-07-12
|
|
Popularity:
|
17,726 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Microsoft MSN Messenger 6.x
Microsoft Word 2002
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Jesse Ruderman has reported a vulnerability in MSN Messenger and Microsoft Word, allowing access to the Windows "shell:" functionality.
The problem is that the programs fail to restrict access to the "shell:" URI handler. This allows malicious people to invoke various programs associated with specific extensions. It is not possible to pass parameters to these programs, only filenames, thus limiting the impact of launching applications.
The Windows "shell:" URI handler is inherently insecure and should only be accessed from a few trusted sources - it may even pose a threat through Word documents. Multiple exploits in Internet Explorer also utilise "shell:" functionality.
This is related to a similar issue in Mozilla:
SA12027
Solution:
Do not follow links in MSN Messenger.
Do not follow links from Word documents originating from untrusted sources.
Provided and/or discovered by:
Jesse Ruderman
Other References:
SA12027:
http://secunia.com/advisories/12027/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
