Hi @ll,
the current version of iTunes for Windows (and of course older versions
too) associates the following vulnerable command lines with some of the
supported file types/extensions:
daap=C:\Program Files (x86)\iTunes\iTunes.exe /url "%1"
itls=C:\Program Files (x86)\iTunes\iTunes.exe /url "%1"
Hi Stefan,
SANS had a good post on this a few years ago (
https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464),
which led to large number of services on windows machines with unquoted
paths being discovered and fixed. At that time I discovered that Windows
Defender on Wi
Well spotted.
That said, don't you have to be an admin to be able to create files in
these directories anyway?
So this is only exploitable on FAT, or by admin, or if the ACLs are
set incorrectly right?
--
Gynvael Coldwind
___
Sent through the Full Dis
ay, April 30, 2014 17:51
> To: Stefan Kanthak
> Cc: fulldisclosure@seclists.org
> Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
> C:\Program.exe when opening associated files
>
> Hi Stefan,
>
> SANS had a good post on this a few years ago (
>
> http
Wednesday, April 30, 2014 17:51
To: Stefan Kanthak
Cc: fulldisclosure@seclists.org
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
C:\Program.exe when opening associated files
Hi Stefan,
SANS had a good post on this a few years ago (
https://isc.sans.edu/diary/Help+eli
lity.
>>
>> -Mike
>>
>> -Original Message-
>> From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On
>> Behalf
>> Of Alton Blom
>> Sent: Wednesday, April 30, 2014 17:51
>> To: Stefan Kanthak
>> Cc: fulldisclosure@secli
tended behavior, yes; but I'd consider it hardly a vulnerability.
>>
>> -Mike
>>
>> -Original Message-
>> From: Fulldisclosure [mailto:fulldisclosure-boun...@seclists.org] On
>> Behalf
>> Of Alton Blom
>> Sent: Wednesday, April 30, 2014 17:51
>
[mailto:alton...@gmail.com]
Sent: Wednesday, April 30, 2014 18:18
To: Mike Cramer
Cc: Stefan Kanthak; fulldisclosure@seclists.org
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
C:\Program.exe when opening associated files
Hi Mike,
It's probalby better seen as a w
Sent: Wednesday, April 30, 2014 19:12
To: Alton Blom; Mike Cramer
Cc: fulldisclosure@seclists.org; Stefan Kanthak
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
C:\Program.exe when opening associated files
Also, keep in mind that it isn't just C:\Program.exe
What if a privi
-boun...@seclists.org
<mailto:fulldisclosure-boun...@seclists.org> ] On Behalf
Of Alton Blom
Sent: Wednesday, April 30, 2014 17:51
To: Stefan Kanthak
Cc: fulldisclosure@seclists.org <mailto:fulldisclosure@seclists.org>
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue pr
30, 2014 19:28
To: Mike Cramer
Cc: Alton Blom; fulldisclosure@seclists.org; Stefan Kanthak
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program
C:\Program.exe when opening associated files
The practice of creating persistent services from temp directories is
"gene
> the current version of iTunes for Windows (and of course older versions
> too) associates the following vulnerable command lines with some of the
> supported file types/extensions:
They also install Bonjour and a couple of other services as NT
Authorty/SYSTEM, don't drop privileges, and open lis
"Gynvael Coldwind" wrote:
> Well spotted.
Thanks.
It's but a shame that such silly beginners errors are still present in
current software.
I didn't bother to look specifically for it since my "customers" and I
used german versions of Windows NT5.x until now, where %ProgramFiles%
is C:\Programme
Ironically, SNARE has this very problem.
Walt Williams
sent from my iPhone
Typos likely
> On Apr 30, 2014, at 17:51, Alton Blom wrote:
>
> Hi Stefan,
>
> SANS had a good post on this a few years ago (
> https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464),
> which led
gt;
> I have never actually seen malware take advantage of this, often times
> leveraging Kernel hooks and driver loading.
>
> It is unintended behavior, yes; but I'd consider it hardly a vulnerability.
>
> -Mike
>
>
> -Original Message-
> From: Fulldisclosure [mailto:
"Jeffrey Walton" wrote:
>> the current version of iTunes for Windows (and of course older versions
>> too) associates the following vulnerable command lines with some of the
>> supported file types/extensions:
>
> They also install Bonjour and a couple of other services as NT
> Authorty/SYSTEM,
Hi @ll,
> the current version of iTunes for Windows (and of course older versions
> too) associates the following vulnerable command lines with some of the
> supported file types/extensions:
[...]
The just released iTunes 11.2 still has this beginners error.
Unpack the iTunesSetup.exe (this is
17 matches
Mail list logo