Advisory ID: HTB23219
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 11.06.2014 and probably prior
Tested Version: 11.06.2014
Advisory Publication: June 11, 2014 [without technical details]
Vendor Notification: June 11, 2014
Public Disclosure: July 30, 2014
Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:142
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:143
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:144
http://www.mandriva.com/en/support/security/
Joe Souza joe.so...@netmotionwireless.com wrote:
It is at the very least ignorant to call Microsoft's CreateProcess
behavior braindead.
What else is it then?
If anything it shows your complete lack of understanding of the issue.
Really? Let's see how good your understanding of the Win32 API
Joe Souza joe.so...@netmotionwireless.com wrote:
Stop sending HTML!
In Win32, WinExec is merely a wrapper around CreateProcess.
CreateProcess needs to support the same semantics that WinExec did.
It does: the Win16 API does NOT support LFNs, just SFNs. With this
precondition (which you did
You can blame the Mail app on Android for the HTML.
You have illustrated below exactly the reason why CreateProcess needs to handle
unquoted paths. Thanks for helping me make my point.
-Original Message-
From: Stefan Kanthak [mailto:stefan.kant...@nexgo.de]
Sent: Wednesday, July 30,
Joe Souza joe.so...@netmotionwireless.com wrote:
You can blame the Mail app on Android for the HTML.
I dont: I but blame PEBKAC for the HTML or other deficiencies.
You have illustrated below exactly the reason why CreateProcess
needs to handle unquoted paths. Thanks for helping me make my