RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

From: Jim Slora <Jim.Slora@phra.com>
To: bugtraq@securityfocus.com
Cc:
Subject: RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
Date:


Roger A. Grimes wrote Friday, October 05, 2007 3:54 PM


> I'm asking, with genuine interest and a listening ear, what is the best 
> long term
> solution you envision, to solve the larger problem?

Apparently the long term solution is for third-party apps to point blame at 
Microsoft, and for Microsoft to point blame at third-party apps. They are 
both right except in absolving themselves.

To start with this problem does not exist under IE6, regardless of 
third-party protocol handler vulnerability. So the question is, why did it 
open up after installing IE7? This portion is for Microsoft to address - 
either it is a required consequence of new functionality that they should 
reconsider, or it is a mistake that they should fix.

The individual third-party applications also need to sanitize their input of 
course.

 






Copyright © 1995-2018 LinuxRocket.net. All rights reserved.