> I am truly shocked that seemingly, stuff like this needs to be said in
> the year of 2013.

Completely right!

> I'd have supposed that things like these should be known by *anyone*
> doing anything even remotely similar to software development *at least*
> since the end of the 8.3 filename era 15 years ago.

Again: completely right!

> Are you sure this is real and not a prank? o_O

This is real: see <https://support.microsoft.com/kb/2781197> alias
<http://technet.microsoft.com/security/bulletin/ms13-034> or
<http://seclists.org/fulldisclosure/2013/May/10> for exactly this "stuff".

And don't forget to read <http://seclists.org/fulldisclosure/2013/Aug/75>
as well as <http://seclists.org/fulldisclosure/2013/May/14>

Also see <https://bugzilla.mozilla.org/show_bug.cgi?id=871084>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=786407> and
<https://bugzilla.mozilla.org/show_bug.cgi?id=868746> and notice especially
how a Mozilla developer tries to weasel and ignore
<http://msdn.microsoft.com/ibrary/ms997548.aspx>!

JFTR: Windows is the ONLY system that covers such silly beginners' errors
due to the documented idiosyncrasy of CreateProcess()
(see <http://msdn.microsoft.com/library/ms682425.aspx>).

Finally take a look at the registry subkey
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
of your own Windows installation (if you have one): you'll most probably
find unquoted pathnames in "UninstallString", for example:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDF]
"UninstallString"="C:\\Program Files\\SumatraPDF\\uninstall.exe"

regards
Stefan

> regards
> Pascal Ernster

[ fullquote removed ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
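An audit sketch for the registry check suggested in the message above, added here as an example and not part of the original post: it parses `.reg` export text and, for each unquoted "UninstallString", lists the paths CreateProcess() would try before the intended executable, in the order its documentation describes. The function names, the two extra sample entries and the extension heuristic (.exe/.com/.bat/.cmd marks the end of the intended path) are assumptions made for illustration.

```python
import re

# Constructed sample in .reg export format. The first entry is the one quoted
# in the post; the other two are made up for contrast.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDF]
"UninstallString"="C:\\Program Files\\SumatraPDF\\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleQuoted]
"UninstallString"="\"C:\\Program Files\\Example App\\uninstall.exe\" /S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleNoSpace]
"UninstallString"="C:\\Tools\\remove.exe /quiet"
'''

def parse_uninstall_strings(reg_text):
    """Yield (subkey name, UninstallString) pairs from .reg export text."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].rsplit('\\', 1)[-1]
            continue
        m = re.match(r'"UninstallString"="(.*)"$', line)
        if m and key:
            # Undo .reg escaping: \\ -> \ and \" -> "
            yield key, re.sub(r'\\(.)', r'\1', m.group(1))

def earlier_candidates(cmdline):
    """Paths tried before the intended executable; empty if unambiguous."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return []  # quoted module name: nothing to guess
    # Assumption: the intended path ends at the first executable extension.
    m = re.search(r'\.(exe|com|bat|cmd)(?=\s|$)', cmdline, re.I)
    end = m.end() if m else len(cmdline)
    found = []
    for pos in (i for i, ch in enumerate(cmdline[:end]) if ch == ' '):
        prefix = cmdline[:pos]
        name = prefix.rsplit('\\', 1)[-1]
        # ".exe" is appended when the file name has no extension.
        found.append(prefix if '.' in name else prefix + '.exe')
    return found

def audit(reg_text):
    """Map each subkey with an ambiguous UninstallString to those paths."""
    return {key: paths for key, value in parse_uninstall_strings(reg_text)
            if (paths := earlier_candidates(value))}
```

Any subkey that `audit()` returns should have its "UninstallString" wrapped in double quotes around the executable path.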