Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: FirstClass Client 7.1: Command Execution via Email Web Link

FirstClass Client 7.1: Command Execution via Email Web Link

From: Richard Maudsley <r_i_c_h_at_btopenworld.com>
Date: Mon, 05 Jan 2004 23:40:15 +0000

Product: FirstClass Desktop Client 7.1
Developer: SoftArc
URL: http://www.softarc.com/

Description: Users clicking on a maliciously crafted link will result in
local file execution.

Details:
FirstClass RTF formatted messages can include hyper-links to web URL's.
When the messages recipient clicks on the URL the web browser is launched
and navigates to the links URL. Crafting a malicious link is as simple as
typing the local filename into the URL field of the form.

The most effective exploit would be to execute logoff.exe, forcefully
terminating all running processes and logging the user out of their account.

C:\WINDOWS\SYSTEM32\LOGOFF.EXE

I wanted to mess with this further, but don't have time.

Also note that other protocols can be used to launch their associated software.

For example, hcp:// would launch the Windows help control panel,
telnet://.... you get the idea.

Goodnight,
        Richard Maudsley

http://www.mindblock.org/
Greetings: Windsor Boys School
Matt & Dave: nice job on the network.
Greetings: French, Garlic, Shiva -- WBS Security Crew ;)
Received on Jan 06 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]