you are missing the point. in the IE example a user goes to browse a page and then the is executed on the users computer.
In the messenger and MS Word examples you have given the user is just launching a process locally. ----- Original Message ----- From: "Jesse Ruderman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, July 11, 2004 1:11 PM Subject: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole > Clicking a shell:windows\notepad.exe link in MSN Messenger 6.2.0137 > launches Notepad. MSN Messenger even recognizes shell: as a protocol > and helpfully hyperlinks the URL. > > Ctrl+clicking a shell:windows\notepad.exe link in Microsoft Word > 10.2627.3311 launches Notepad. > > What others Windows programs (browsers, e-mail clients, IM clients, word > processors, etc.) are vulnerable to the shell: hole? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
