Re: [Full-disclosure] Fix for NTFS permissions issue in QuickTime 7.xfor Windows

Stefan Kanthak Thu, 22 Sep 2011 09:51:54 -0700

Geoff Strickler wrote:

[...]


> Below is the text of the
> CVE-2010-0530-fix-perms-all-profiles-targeted.bat
> batch file.

> rem ---- Start of script:
>   rem Write a logfile to "CVE-2010-0530-log.txt" in the current user's
>   rem  temporary directory.
> echo %0 >%temp%\CVE-2010-0530-log.txt
           ^                           ^
Please repeat after me: EVERY pathname which may contain blanks has to be
quoted!

>    rem -------- revoke permissions for XP and earlier systems
>    rem  from %userprofile%\Local Settings\Application Data\Apple Computer
>    rem  and it's "QuickTime" subdirectory.

Both "Local Settings" and "Application Data" exist only on english (or MUI)
installations of Windows NT 5.x.

The localized directory names but can be constructed as follows:

SetLocal EnableDelayedExpansion
Set LocalizedAPPDATA=!APPDATA:%USERPROFILE%=%%~i!
If /I "%TEMP:~-5,5%" == "\TEMP" Set 
LocalizedLOCALAPPDATA=%TEMP:~0,-5%!LocalizedAPPDATA:%USERPROFILE%=!


An alternative (straightforward) way to construct LOCALAPPDATA in *.CMD:

Call :DIRNAME "%TEMP%"
Call :BASENAME "%APPDATA%"

Set LOCALAPPDATA=%DIRNAME%%BASENAME%
Set BASENAME=
Set DIRNAME=
Goto :EOF

:BASENAME
Set BASENAME=%~nx1
Goto :EOF

:DIRNAME
Set DIRNAME=%~dp1
Goto :EOF


Stefan Kanthak

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fix for NTFS permissions issue in QuickTime 7.xfor Windows

Reply via email to