Cerca nel blog

2004/07/14

Falla “shell:” anche in Word e Messenger

Altre vitime della falla "shell:"


La stessa falla "shell:" interesserebbe anche Word e Messenger, secondo Secunia (fonte):

Microsoft's MSN Messenger and Word word processing application both support a feature that could give remote users access to functions that could be used launch applications on Windows computers, according to an alert from Secunia, which tracks software vulnerabilities.

... The applications both fail to restrict access to the "shell:" URI (Universal Resource Identifier), a feature that allows Windows users or software applications to launch programs associated with specific file extensions such as doc (associated with Word) or txt (associated with Notepad, the Windows text editing program), said Secunia, of Copenhagen.

Malicious hackers could launch programs associated with specific extensions using links embedded in Word documents or instant messages sent using MSN. However, the vulnerability does not allow attackers to pass instructions to the programs, which would allow more sophisticated attacks, Secunia said.

Nessun commento: