Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MSN, Word Vulnerable To Shell: URI Exploit

timothy posted more than 10 years ago | from the we'll-get-our-top-men-right-on-it dept.

Bug 392

LnxAddct writes "InfoWorld is reporting that a few Microsoft products are also vulnerable to the "shell:" scheme vulnerability found in Mozilla last week. These applications include Microsoft Word and MSN Messenger."

cancel ×

392 comments

Sorry! There are no comments related to the filter you selected.

Rally round the family (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9681242)

with a pocket full of shells

mod par3n7 up (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9681382)

for the subtle *N'Sync reference.

Fixed in SR2? (3, Funny)

djtripp (468558) | more than 10 years ago | (#9681246)

Well at least Mozilla will fix theirs...

Re:Fixed in SR2? (4, Funny)

ROOK*CA (703602) | more than 10 years ago | (#9681300)

Mozilla already fixed this vulnerabilty (Mozilla 1.7.1 & FireFox 0.92) took what 3 or 4 days after it was discovered ?

Microsoft will surely fix this in no more than 2 "Microsoft" Days which is around 6 months for the rest of Earth's population.

Mozilla Bug 163767 (3, Informative)

Sweetshark (696449) | more than 10 years ago | (#9681464)

While bug 250180 is pretty new, bug 163767 is ancient (08-2002) and describes the same problem, although being a bit more generic. I wouldnt shout too loud about fast bugfixing in OSS in this particular case. Although the bug is more a bug of Windows broken-by-design handling of URIs it still should have been fixed (or the features needed for the bug to work should have been disabled by default.)

Re:Mozilla Bug 163767 (3, Insightful)

fireman sam (662213) | more than 10 years ago | (#9681527)

So, perhaps Mozilla should have "bug fixes" for every windows flaw that they uncover? Wouldn't that introduce quite a bit of bloat?

Every application that uses this scheme is vulnerable.

Maybe someone should check to see if IE has this "bug" as well.

Re:Fixed in SR2? (4, Informative)

afidel (530433) | more than 10 years ago | (#9681485)

More like 2 years . The origional bug relating to handing off unhandled URI's to the OS goes back that far. It kept getting marked as "will not fix" because it was a stupid architectural decision that some of the guys at Netscape made. The decision was made recently to switch from a blacklist system to a whitelist system. This happened to coincide with lots of people switching to FireFox for security reasons and all of the sudden there was a patch to change the default behavior.

Re:Fixed in SR2? (1, Interesting)

ROOK*CA (703602) | more than 10 years ago | (#9681546)

Thanks for the correction guys, very informative as well....

I guess it would be more accurate to say that Mozilla corrected the vulnerability quickly after it was WIDELY publicized.

Just goes to show ya the Bugzilla scholars DO add value ;-) ...

Re:Fixed in SR2? (1, Funny)

Anonymous Coward | more than 10 years ago | (#9681491)

The article title should be changed to "Microsoft products also vulnerable to Microsoft flaw"

Without regression testing... (0)

Anonymous Coward | more than 10 years ago | (#9681563)

Assuming open source advocates fix bugs immediately upon hearing about them, then how much regression testing is actually done? None. With open source the hole is plugged (good), but the fallout from the problems the fix may cause are never addressed by the advocates until later. Up to this point Linux (open source) really has no large installed base. Lets see how long it takes before those quick patches do more harm than good.

indiana jones quote (3, Funny)

Jrod5000 at RPI (229934) | more than 10 years ago | (#9681247)

Intelligence Guy: "We have top men working on it right now."
Indy: "Who?"
Intelligence Guy: "Top... Men..."

David Lettermen Quote (0)

Anonymous Coward | more than 10 years ago | (#9681352)

"while you guys were down here talking, we were upstairs having hot buttered corn"!!!

HeHe!

Haha (4, Funny)

mboverload (657893) | more than 10 years ago | (#9681250)

Looks like Microsoft has been copying some source

=P

Re:Haha (5, Informative)

IoN_PuLse (788965) | more than 10 years ago | (#9681423)

Actually, it was their source that was the root of the problem in the first place. The whole "shell" thing is only in windows, unfortunately the article titles lead people to believe that it is a problem with Mozilla across all platforms, when in reality it only affects those running on a Windows platform.

Goes to show... (5, Insightful)

cloudkj (685320) | more than 10 years ago | (#9681251)

... what gets patched in the open source world gets exploited further in the proprietary world. MS should probably pay more attention to projects like Mozilla... it might save them a lot of time and effort in the long run.

Re:Goes to show... (4, Informative)

Frizzle Fry (149026) | more than 10 years ago | (#9681280)

The article is short on details. Does this really work on xp sp2? I know that xp sp2 protected against the Mozilla exploit, so I would imagine the same is true here. Which would make your claim that these sorts of things are only fixed "in the open source world" seem pretty specious.

Re:Goes to show... (3, Funny)

tolan-b (230077) | more than 10 years ago | (#9681386)

Oh good, I'll go and download SP2 then... What's that? It's been delayed to mid-August? Oh dear!

Re:Goes to show... (3, Insightful)

Frizzle Fry (149026) | more than 10 years ago | (#9681508)

Oh good, I'll go and download SP2 then

Good. Go download it [microsoft.com] . Or don't. But at least don't be a hypocrite like half the people here and say that sp2 "doesn't count" until it reaches final release form, while firefox "counts" even though it's also in pre-release form (not even at 1.0 yet). Sort of like when people claim that IE on xp doesn't have popup blocking but firefox does.

Re:Goes to show... (5, Insightful)

Anonymous Coward | more than 10 years ago | (#9681402)

The URI exploit in its general form is mitigated by the fact that you can't pass any command-line arguments to the command. So you can launch a bunch of Notepads, so what? However, you CAN type a filename in and have it open in its associated application. If that filename is too long, you can exploit a buffer overflow in the helper application. There happens to be a plentitude of client applications on a standard XP box with buffer overflow possibilities. Once you're there, go anywhere you want with the privileges of the user on the XP box (which is usually admin, and if not, you can usually get admin without a lot of effort).

Anyway, SP2's memory protection would have prevented the overflow attack. It would not have prevented the most general (and less harmful) form of the attack, however.

What the original poster was probably meaning, if he had a point at all, was that non-Windows systems don't do this sort of "command-line-as-a-protocol" bullshit because it's quite obviously the wrong way to do things. Security through obscurity works in a lot of cases because people think "nobody would EVER design an OS that did THIS" and they never bother to look. Well, now someone's looked and found an ancient kludge coded by someone who probably doesn't even work for MS anymore. And more man-hours are going into fixing this bug than would have gone into creating a proper implementation of whatever this goober was trying to accomplish in the first place.

That said, Open Source isn't pixie dust that makes everything happy and secure. Stupid things happen in Linux. They just happen in the open where people can find them and fix them before applications start relying on them to function.

Re:Goes to show... (0)

Anonymous Coward | more than 10 years ago | (#9681479)

That said, Open Source isn't pixie dust
Then why does it make me so fucking high???

Hello Mr. Time Traveller (1)

Lochin Rabbar (577821) | more than 10 years ago | (#9681416)

I kI know that xp sp2 protected against the Mozilla exploit

Are you posting from the future, sometime like september? Which might be after sp2 is finally released [slashdot.org] , because given MS's history just because something is fixed in the beta doesn't mean it will make the final cut.

only fixed "in the open source world" seem pretty specious

That's not what was said and you know it.

Re:Goes to show... (0)

Anonymous Coward | more than 10 years ago | (#9681440)

Well, SP2 won't be out til August now, since Microsoft is trying to let Intel catch up to AMD.

Re:Goes to show... (0)

Anonymous Coward | more than 10 years ago | (#9681406)

... what gets patched in the open source world gets exploited further in the proprietary world. MS should probably pay more attention to projects like Mozilla... it might save them a lot of time and effort in the long run.

SFU you smug asshole

My mind is spinning (1, Funny)

tentimestwenty (693290) | more than 10 years ago | (#9681252)

Aren't we over our bugs-o-the-day limit?

Re:My mind is spinning (2, Funny)

DeepHurtn! (773713) | more than 10 years ago | (#9681437)

MS Bugs: They're the New SCO.

bwahahahahaha (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#9681258)

Lovely.

Exactly. (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9681266)

*BSD is dead, and this proves it.

Open Source vs. Microsoft (4, Insightful)

ZZeta (743322) | more than 10 years ago | (#9681273)

Well now, let's see how long it takes for their patch to come out.

Re:Open Source vs. Microsoft (3, Funny)

Anonymous Coward | more than 10 years ago | (#9681293)

Well now, let's see how long it takes for their patch to come out.

Not as fast as the FUD they'll put out.

Re:Open Source vs. Microsoft (3, Insightful)

LostCluster (625375) | more than 10 years ago | (#9681355)

Well, what Microsoft users have shown time and time again is even when the patch does come out, it's often not applied on many machines.

Re:Open Source vs. Microsoft (1)

Pharmboy (216950) | more than 10 years ago | (#9681474)

Its not a bug, its a feature. Besides, its more FUD than fact. As long as the offending packet has the Evil Bit [slashdot.org] set, then there is no chance that any Microsoft software can be exploited. As for Linux, I am not aware of any kernel patches that can utilize filtering by Evil Bit, although I am sure the BSD crowd has already addressed this issue.

I confess! (1)

MisanthropicProgram (763655) | more than 10 years ago | (#9681490)

I know to the second when a patch comes out for Windows! Really! But I don't apply it! Why, you ask. Because, I'm still stuck in adolescence and I want to be a rebel! That's right. I want to run my machine with no patches - hackers be damned! Who are you people to tell me to patch my machine? Ha! I take chances - what's the saying, "You don't wear a raincoat in the shower." or something like that. You know what I mean.

Later on.. our Windows user gets an unstable system and funny looking things on his dick.

Re:I confess! (0)

Anonymous Coward | more than 10 years ago | (#9681534)

OMG. Please tell me that you really *are* that screwed up. If you are, then you are my new hero.

Re:I confess! (1)

DAldredge (2353) | more than 10 years ago | (#9681568)

I miss Ogg and the NPNAP trolls. They where at least original.

Re:Open Source vs. Microsoft (0)

Anonymous Coward | more than 10 years ago | (#9681538)

And we ALL know that if Linux were on 95% of the desktops users would ALWAYS keep their machines up to date with the latest patches.

Let's face it - the reason most Linux boxes stay updated is because we're geeks who check for that sort of thing. Ma & Pa Kettle tend to forget little things like that. It's why I set my parents XP box to auto-update.

Re:Open Source vs. Microsoft (0)

Anonymous Coward | more than 10 years ago | (#9681431)

Well, it was reported against Mozilla about two years ago, so I guess if MicroSoft fixes it before 2006 they would be more responsive than the Mozilla folks, yes?

the other one _wasn't_ Mozilla's falut (0)

Anonymous Coward | more than 10 years ago | (#9681434)

it simply passed on requests it didn't understand, it was a bug in the OS itself,
the Mozilla hack is just that, a hack to
cover a deeper Windows vulnerability.

Word 2004 for OSX Safe? (4, Interesting)

artlu (265391) | more than 10 years ago | (#9681278)

Anyone know if Word 2004 for OSX is safe from the URI exploit? I know that the macs have been having trouble with the URI exploit over the past few months based on some articles I've read at macslash.
Aj

GroupShares Inc. [groupshares.com] - A Free and Interactive Stock Market Community

Re:Word 2004 for OSX Safe? (4, Insightful)

afidel (530433) | more than 10 years ago | (#9681310)

Well since the Mozilla URI exploit was specific to XP I would imagine that these exploits would likewise be limited to a vulnerable OS.

Re:Word 2004 for OSX Safe? (1)

afidel (530433) | more than 10 years ago | (#9681509)

Troll? Wow, posting correct information is now considered trolling. I really hope someone nails that idiot in metamod.

Re:Word 2004 for OSX Safe? (5, Informative)

Alex Brasetvik (554885) | more than 10 years ago | (#9681322)

Mac OS X' Safari had a very similar flaw, where one could use disk:// to mount a disk image, which could execute whatever it wanted to.

That flaw was fixed with the 2004-06-07 security update [apple.com] .

Re:Word 2004 for OSX Safe? (1)

Alex Brasetvik (554885) | more than 10 years ago | (#9681345)

Sorry for being inaccurate first.

It wasn't really Safari being exploitable, but "LaunchServices":

Impact: LaunchServices automatically registers applications, which could be used to cause the system to run unexpected applications.

The flaw basically worked the same way as the shell://-exploit -- making the OS decide what to do with the protocol.

I have this to say about that... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9681284)

give.........it.........up.

MSN and Word? (1, Funny)

Anonymous Coward | more than 10 years ago | (#9681289)

Fortunate that I don't have them then! :)

Quite a coincidence (3, Funny)

cookie_cutter (533841) | more than 10 years ago | (#9681291)

How obscure is this bug?

If it's non-obvious and contrived, is it reasonable to assume that Microsoft could be lifting, or at least peeking at, code from the mozilla project and replicating it in their own browser?

Naw; if that were true, IE wouldn't suck so much.

Re:Quite a coincidence (4, Informative)

LostCluster (625375) | more than 10 years ago | (#9681335)

It's not as much a bug but a dumb feature.

shell:[program-name] is supposed to be a URI syntax for running any given program on the computer. Of course, this is a slightly dangerous thing to have available for any given document to trigger unannounced, but it is a rather useful feature to have if somebody wants to tell everybody on a company network how to run a program that was just installed.

Re:Quite a coincidence (3, Informative)

Platinum Dragon (34829) | more than 10 years ago | (#9681341)

It's not reasonable at all, if I understand the nature of the shell: exploit in Mozilla.

shell: is handled by Windows itself. The browser simply passed the URI on to be dealt with, as Microsoft programmers intended.

Although there were concerns about allowing the browser to hand off unrecognized URIs to the underlying operating system two years ago, this particular exploit was recognized and patched within a day, by preventing Mozilla from passing shell: stuff on.

Basically, it's an exploitable Windows function that could be accessed through Mozilla and other programs written to allow such things.

Another successful shot in the foot from Redmond.

Re:Quite a coincidence (1)

StrongAxe (713301) | more than 10 years ago | (#9681365)

If it's non-obvious and contrived, is it reasonable to assume that Microsoft could be lifting, or at least peeking at, code from the mozilla project and replicating it in their own browser?

Naw; if that were true, IE wouldn't suck so much.


That is only true if they are lifting good code fragments. However, the very fact that it has this bug puts that assumption into question.

Re:Quite a coincidence (1)

mldl (779187) | more than 10 years ago | (#9681452)

The mozilla code fix amounts to: if (URI == "shell") nsJustSayNo(); There isn't much to steal. However that's only the temporary fix of "destroying the keys", I'm sure destroying the lock is far more difficult.

Re:Quite a coincidence (1)

TrancePhreak (576593) | more than 10 years ago | (#9681462)

Yeah, I'm sure that Moz code will work in IE without having to hack it together at all.... Or not.

Already fixed? (4, Informative)

Marxist Hacker 42 (638312) | more than 10 years ago | (#9681295)

I just tried it in Microsoft Word 2002, with XP SP1 and all of the approved hotfixes for my agency, and it restricted it just fine- wouldn't even recognize it as a hotlink.

Re:Already fixed? (1)

ttldkns (737309) | more than 10 years ago | (#9681325)

nah, you see, what you have to do is go insert>hyperlink and paste something like shell:c:\windows\explorer.exe in the hyperlink box and then click ok. It will then pass the unknown protocal off to windows like mozilla did and windows will answer. Only works on windows NT,2000, and XP though.

Re:Already fixed? (1)

Marxist Hacker 42 (638312) | more than 10 years ago | (#9681389)

I get "Cannot Find shell:c:\windows\explorer.exe". And yes, I doublechecked Explorer.exe's location. The fact that the error message is including "shell:" tells me that it's simply not interpreting the protocol correctly in Word 2002, XP SP1. Might work in Office 2000 though, or some other version, YMMV. Of course, the State of Oregon is too cash poor to provide contractors with Office 2003.....

Re:Already fixed? (4, Informative)

jesser (77961) | more than 10 years ago | (#9681514)

You're using the wrong URL. It's

shell:windows\explorer.exe

Fixed in Word 2003 (5, Informative)

AzrealAO (520019) | more than 10 years ago | (#9681572)

Microsoft Word 2003 w/Latest Updates.

Insert > Hyperlink
shell:explorer.exe (path should be unneccessary, tried shell:windows\explorer.exe as well)

Critical Error Dialog pops up

Opening "shell:explorer.exe"

Hyperlinks can be harmful to your computer and data. To protect your computer, click only those hyperlinks from trusted sources. Do you want to continue?
Yes | No

Pressed Yes and nothing to happened.

Re:Already fixed? (0)

Anonymous Coward | more than 10 years ago | (#9681530)

It doesn't work in 2003. It a) earns that opening hyperlinks is unsafe yadda yadda Yes or No
then b) says the folder shell:c:\winnt\explorer.exe doesn't exist

Can only allow programs to be run... (4, Interesting)

NightWulf (672561) | more than 10 years ago | (#9681306)

According to the article "Malicious hackers could launch programs associated with specific extensions using links embedded in Word documents or instant messages sent using MSN. However, the vulnerability does not allow attackers to pass instructions to the programs..." Now call me crazy, and I know i'll probably piss off the microsoft hating people here, but what harm is there really? What's some "hacker" gonna do, open up Acdsee and show my porn collection to well...me? Maybe pop open a few dozen IE windows or programs to force me to reboot? If there's nothing else being transferred it's really just more of a nuisance than something major. Or am I just reading this wrong?

Re:Can only allow programs to be run... (1)

Bottlemaster (449635) | more than 10 years ago | (#9681367)

Unless you have Acdsee configured to show your porn collection upon starting, they couldn't even do that. But maybe you do...

Re:Can only allow programs to be run... (2, Funny)

Lord Bitman (95493) | more than 10 years ago | (#9681425)

You don't?

Re:Can only allow programs to be run... (1)

mibus (26291) | more than 10 years ago | (#9681381)

If nothing else they can hang your machine... the original exploit contains a DoS example.

Also, some apps aren't so friendly - wouldn't it be funny if there was a reboot.exe... ;-)

Re:Can only allow programs to be run... (1, Insightful)

sbszine (633428) | more than 10 years ago | (#9681396)

Maybe they could delete your hard drive, or open ports to let something really nasty in, or use your email client to send spam. Depending on what it can pass to the shell, this could be very nasty indeed.

Re:Can only allow programs to be run... (3, Informative)

TrancePhreak (576593) | more than 10 years ago | (#9681522)

Considering it doesn't allow you to pass parameters as mentioned by the article, all of that would be very hard to accomplish.

Re:Can only allow programs to be run... (0)

Anonymous Coward | more than 10 years ago | (#9681574)

for now, until someone figures out a way to do that.
it wont take long either

Re:Can only allow programs to be run... (1)

MisanthropicProgram (763655) | more than 10 years ago | (#9681397)

I don't know. MS, in their quest to make things user friendly, has allowed some very insecure things in their OS. I don't of any, but I'm sure some hacker who knows every little in and out of all of MS's products could do some serious damage.

Re:Can only allow programs to be run... (1)

Platinum Dragon (34829) | more than 10 years ago | (#9681400)

However, the vulnerability does not allow attackers to pass instructions to the programs..." Now call me crazy, and I know i'll probably piss off the microsoft hating people here, but what harm is there really?

Malicious web site quietly downloads executable that is the Son of Back Orifice, in a way similar to how your favourite spyware and malware installs itself.

Malicious website contains shell: URI referencing location of said executable, which does not require arguments to start.

Victim is tricked into clicking on dangerous link, or .exe is automatically executed via a script that passes a shell: URI.

Pwn3d!!1!!1!11!!!11

This is just off the top of my head--I'm sure someone more knowledgable about Windows exploits could have great fun with this.

Re:Can only allow programs to be run... (1)

mr_burns (13129) | more than 10 years ago | (#9681445)

how about a worm or virus spreads for a few months and lies dormant so nobody notices, nobody issues AV patches, then the attacker(s) use this URI exploit to trigger the nasty payload in one swell 15 minute swoop.

Instead of having code in there that waits till a certain time to activate (which could be detected by a host based IDS) or needs to download another component from rooted server x (that could be blocked at the router or local firewall level) there would be nothing wrong, and then sudenly all over the globe everything is wrong.

pretty nasty

Re:Can only allow programs to be run... (0)

Anonymous Coward | more than 10 years ago | (#9681470)

well... obviously, it will try to fetch and install an open mail relay, and spyware to keystroke log your session and swipe your passwords, cookies, and contact lists for further hacking.

also, if you have a fast connection, you will be hijacked and used to post spam and other illegal things using your login and ip address.

you may have to argue pretty hard about how stupid you are if you don't want to be liable for those sort of things

Re:Can only allow programs to be run... (2, Interesting)

TiggertheMad (556308) | more than 10 years ago | (#9681471)

The article is rather vague on this point. The could mean that Hackers cannot pass command line parameters to the programs, which would probably make the bug more of a nusance. OTOH, they could mean that once started, they cannot interface with the text window/GUI. This would be a big deal to me, because as I mentioned, it might allow them to pass command line parameters when starting it.

For example, FORMAT c: \Y or something similar to bypass the fail-safe that the FORMAT command had?

Re:Can only allow programs to be run... (1)

netsharc (195805) | more than 10 years ago | (#9681498)

Trying to format the system drive from inside Windows would bring the error message "Cannot format, drive in use." (or something similar) Go ahead, try it. ;)

Re:Can only allow programs to be run... (1)

Tatarize (682683) | more than 10 years ago | (#9681567)

Yeah, you gotta hit them with a deltree.

Dear Slashdot (-1)

Anonymous Coward | more than 10 years ago | (#9681311)

I am starting out my career as software tester and bug finder. Can I borrow $150 from someone here to get a copy of Microsoft Word and find some vulnerabilities in it? Please leave your paypal address and I will send you an invoice.

Thanks.

Re:Dear Slashdot (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9681359)

Dear Treasured Homosexual Reader and Contributor,

I would advise you to use a peer-to-peer file sharing program and downloading a copy along with a keygen or crack program.
If this is beyond your means and you happen to be among the few people on Slashdot who have friends then have a friend burn it on CD.

Much Love,

Rob "CmdrTaco" Malda-Fent

The War (1, Funny)

POds (241854) | more than 10 years ago | (#9681332)

So open source is literally infecting MS Windows :) So this is how we plan to take down the empire?

Re:The War (1)

Neil Blender (555885) | more than 10 years ago | (#9681385)

So open source is literally infecting MS Windows

So it appears that Ballmer was right all along.

Ready...set...GO (3, Insightful)

linuxwrangler (582055) | more than 10 years ago | (#9681337)

By the time the Mozilla story was posted on Slashdot the fix was already available - the link was even posted with the story.

I don't see a patch posted with this story so I guess there's no way Microsoft can win the patch-speed race for this bug - all we will be able to do is place bets on just how much slower Microsoft is. Predictions, anyone?

Re:Ready...set...GO (0)

Anonymous Coward | more than 10 years ago | (#9681446)

Don't worry, it'll be in SP3

Re:Ready...set...GO (1)

Pharmboy (216950) | more than 10 years ago | (#9681503)

Don't worry, it'll be in SP3

Might as well say it is included in Half Life 2. Or Doom 3.

Now we know. (2, Interesting)

azuretongue (180140) | more than 10 years ago | (#9681340)

Now we know wether the shell scheme bug was in the OS or the application :)

Mac's safer if no MS code on them (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9681353)

In my 20+ years of using a Mac and getting only one virus, I can tell you how I did it, I ran as little Microsoft code as humanly possible.

I'm in IT, I'm 50 and I don't have any grey hair.

What's your story?

Re:Mac's safer if no MS code on them (0)

Anonymous Coward | more than 10 years ago | (#9681454)

In my 20+ years of using a Mac and getting only one virus, I can tell you how I did it, I ran as little Microsoft code as humanly possible.

I haven't used a Mac for several years, but between 1989 and 1999, I used them fairly heavily. I saw a single virus in those 10 years. A macro virus in Microsoft Word which I got by opening a word doc from a Windows machine.

Re:Mac's safer if no MS code on them (0)

Anonymous Coward | more than 10 years ago | (#9681494)

I've been using MS products almost exclusively for 20+ years and have never gotten a virus either. It's insanely easy to prevent if you give it even 10 seconds of thought and config. Something I admit 99% of computer users are not willing to do...

Misinformation... (4, Interesting)

Dwonis (52652) | more than 10 years ago | (#9681363)

"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality patches for security vulnerabilities with no exposure to malicious attackers while the update is being developed," the company said in an e-mail statement.

(Score: -1, Troll)

I find it interesting how they talk about "no exposure to malicious attackers", as if their products are magically invulnerable until someone discloses the hole to the public.

"Mozilla is just as bad as IE" (1)

Mitchua (755534) | more than 10 years ago | (#9681371)

HA! Take that M$ :-D

Two words come to mind (2, Funny)

peragrin (659227) | more than 10 years ago | (#9681373)

HA HA

Does it also count as the obligatory Simpson's quote?

Can we call them beleaguered now? (1)

BandwidthHog (257320) | more than 10 years ago | (#9681415)

I mean c'mon, WebSideStory confirmed it today and all.

Difference between MS and the rest (4, Insightful)

Todd Knarr (15451) | more than 10 years ago | (#9681420)

I think the handling of this problem demonstrates the difference between Microsoft software and other software like Mozilla. In Mozilla, the problem didn't even require a real patch to fix, just a quick config setting to tell it not to pass things along to the shell: handler. My bet is that fixing Word etc. will require not just multiple registry changes but actual new code to allow shell: to be disabled. And odds on the first thing they try is to just add filters, and we'll see half a dozen iterations of exploits of this using different ways past the filters until MS finally includes a patch to allow it to be disabled.

Re:Difference between MS and the rest (0)

Anonymous Coward | more than 10 years ago | (#9681553)

It will also break a lot of your in-house applications because they haven't been broke lately. Oh yeah, you know they one guy with the MS Office CD? His ass is going to be pretty busy since every computer in the organization will now need the disks to make changes to office.

Easy solution (0, Insightful)

Anonymous Coward | more than 10 years ago | (#9681439)

There's an easy solution to this. In fact, I'm using the solution right now.

I'm typing this on my computer running Windows 98. This overlooked operating system doesn't have the bloat that other OS's have, and it's a lot more secure. We don't even have the shell protocol, so there's no shell exploit to worry about it. Just turn off file sharing, use Mozilla, and everything's great.

In Microsoft's Defense... (5, Interesting)

SnprBoB86 (576143) | more than 10 years ago | (#9681459)

(that subject is a great way to get modded down)

I created a shell link inside Office Word 2003 and when I clicked it I was warned that the hyperlink contained a potentially dangerous target and that I should only proceed if I trusted the source of the document. This warning does not appear for http, https, ftp, or other common "safe" protocols.

I do not have MSN available for testing.

Thats why... (0)

Anonymous Coward | more than 10 years ago | (#9681469)

I use the only software not exploitable in Windows - Notepad!

"Exploit" (2, Insightful)

Lord Bitman (95493) | more than 10 years ago | (#9681473)

"This can be done easily with notepad. Click here to open notepad"

You know, some "it's not a bug, it's a feature" things really are features. I dont see how this is worse than while(true) { window.open(document.location); }

Stop Kissing Mozilla's Ass.. (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9681478)

You will all pay dearly for switching over to Mozilla from Internet Explorer!

If you're going to make a switch, switch over to Lynx. Your computer will thank you. Oh, and your hands will thank you.

Why's that you might ask?

I swear, before the day is out I will break each and every finger on both of your hands, just because you feel like you need to run away from non-secure Microsoft products!

- The Lynx Development Team

P.S. Mozilla's ass hasn't got a thing on Lynx's!

What other programs are vulnerable? (4, Informative)

jesser (77961) | more than 10 years ago | (#9681497)

I'm the one who posted this message [netsys.com] to Full Disclosure. I was too lazy to test all popular e-mail clients, IM clients, word processors, etc. that run on Windows, so I posted after finding only two vulnerable programs. Who wants to help?

All you have to do is see if your programs accept links to shell:windows\notepad.exe. If clicking the link launches Notepad, it's vulnerable. If there's a warning dialog, it's somewhat vulnerable, depending on the wording of the dialog.

URI!? (3, Funny)

DonniKatz (623845) | more than 10 years ago | (#9681525)

As the University of Rhode Island (URI) University College Representative in the Student Senate, I can assure you that no student at the University of Rhode Island is exploiting Microsoft Word... we're only pirating it.....

Me Shell (0)

Anonymous Coward | more than 10 years ago | (#9681531)

Ma Bell

What's new? (0)

Anonymous Coward | more than 10 years ago | (#9681556)

Microsoft... vulnerable? Ya think?

Mozilla flaw? (5, Insightful)

ScriptGuru (574838) | more than 10 years ago | (#9681560)

The Article's title is: Microsoft products also vulnerable to Mozilla flaw That is gross misinfomation, it should be something along the lines of "Microsoft products allow exploit of OS flaw, similar to Mozilla." The flaw itself is in the Windows operating system. It exposes access to shell functions that applications need to blacklist. Application developers shouldn't need to be concerned with "Oh, I need to stop that protocol for security." It should be the protocol developer's responsibility to say "Is this safe?"

Misleading title - "...Mozilla flaw" (5, Insightful)

Slashcrunch (626325) | more than 10 years ago | (#9681573)

The title is quite misleading on first glance.

"Microsoft products also vulnerable to Mozilla flaw"

If it was a Mozilla flaw to start with, my linux boxes would be vulnerable. I know its picky, but the title is not accurate IMHO as Mozilla is being used to take advantage of a Windows feature, rather than the flaw itself existing in Mozilla.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>