The bickering between Microsoft and the Mozilla Foundation about registered protocol handlers and the resulting security problems continues. A new demo has been published, illustrating how the latest version of Firefox running under Windows XP SP2 can be made to start an application using crafted links. Clicking on a manipulated mailto:, nntp:, snews: or news: link opens the command line and the Windows calculator. In principle, any command can be executed and code can be injected and executed via a website in this way.

However, for the demo to work, Internet Explorer 7 needs to be installed. If only Internet Explorer version 6 is installed, only the standard mail client Outlook Express opens. It is not entirely clear what role is being played by Internet Explorer 7 here. Installing IE 7 clearly changes the way Windows processes URIs. This is clearly illustrated by what happens if you pass the "bad" link directly to the Windows shell via the "Run" option in the Start menu. With IE6 installed, Outlook Express is launched, with IE7, cmd.exe and the calculator.

According to the Bugzilla entry for this problem, one reason for the new vulnerability is that Windows XP interprets the string %00 incorrectly. As a result, instead of the URL protocol handler, the FileType handler is called with the complete URL, via which it is then possible to call further programs with arbitrary arguments. To defuse the problem, the Firefox developers want to prevent the opening of links containing null bytes (%00). A patch implementing this has already been introduced into the development version. Until a new official version of Firefox is released, there is no viable workaround yet.
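
The mitigation described above, refusing to hand links containing null bytes to an external protocol handler, sketched as an added example. It is not part of the original post and not the Firefox patch itself. The function names, the bounded multi-pass decoding and the restriction to the four schemes named in the article are assumptions made for illustration.

```javascript
// Hypothetical link filter (added example, not Firefox's actual patch).
// Schemes the article names as being handed to external Windows handlers.
const EXTERNAL_SCHEMES = new Set(["mailto", "nntp", "snews", "news"]);

// Percent-decode repeatedly so nested encodings such as %2500 are unwrapped.
// Returns null if the string is still changing after maxRounds (fail closed).
// Bytes are mapped 1:1 to code units, which is enough to spot a NUL.
function decodeFully(s, maxRounds = 5) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    const next = cur.replace(/%([0-9a-fA-F]{2})/g,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    if (next === cur) return cur;
    cur = next;
  }
  return null;
}

// Decide whether a link may be passed on to the OS protocol handler.
function checkExternalLink(uri) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(uri.trim());
  if (!m) return { allow: true, reason: "no scheme" };
  if (!EXTERNAL_SCHEMES.has(m[1].toLowerCase())) {
    return { allow: true, reason: "not an external-handler scheme" };
  }
  const decoded = decodeFully(uri);
  if (decoded === null) return { allow: false, reason: "excessive nested encoding" };
  if (decoded.includes("\u0000")) return { allow: false, reason: "null byte in URI" };
  return { allow: true, reason: "clean" };
}

// Constructed sample links (no payloads, only the null-byte marker).
const samples = [
  "mailto:user@example.com",
  "mailto:user%00@example.com",
  "NEWS:group%2500.example",
  "snews:%252525252500",
  "http://example.com/a%00b",
];
for (const s of samples) {
  const r = checkExternalLink(s);
  console.log(`${r.allow ? "ALLOW" : "BLOCK"}  ${s}  (${r.reason})`);
}
```

Checking only for the literal string `%00` would miss a raw NUL character and double-encoded forms, which is why the filter decodes before testing.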