
Re: Windows vulnerability a feature claims Microsoft

  • Subject: Re: Windows vulnerability a feature claims Microsoft
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Fri, 07 Jul 2006 09:43:46 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / MCC / Manchester University
  • References: <1152260798.865150.211260@m73g2000cwd.googlegroups.com>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Friday 07 July 2006 09:26 \__

> Quote:
> -------------
> ...but a spokesVole insisted that it was a feature that had legitimate
> users for customers.
> 
> He said it was important to clarify the difference between security
> problems and legitimate features. A feature allows someone to do
> something. A security hole helps an attacker do something they
> shouldn't be able to do. I trust we are all clear on that?
> ------------
> End quote
> 
> http://www.theinquirer.net/default.aspx?article=32847

Also see Ghost's insightful analysis in an earlier thread about this:

,----[ Complete snippet ]
| Newsgroups: comp.os.linux.advocacy
| From: The Ghost In The Machine <ewill@xxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: [News] More Windows/Internet Explorer Holes, Microsoft in Denial
| 
| This works even on IE6 running on Linux.  Here's how.
| 
| [1] Create a small C++ file with the following source code.
| 
| #include <cstdio>
| #include <cstdlib>   // system()
| #include <unistd.h>
| 
| int main(int argc, char **argv)
| {
|         // Open an xterm that runs the demo shell script through bash;
|         // the script path is the one created in step [3] below.
|         system("xterm -e /bin/bash /home/ewilliam/Desktop/www.stupidstuff.com.sh");
| 
|         return 0;
| }
| 
| [2] Compile:
| 
| g++ -o ~/Desktop/www.stupidstuff.com stupidstuff.C
| 
| [3] Create a shell script on one's desktop: www.stupidstuff.com.sh :
| 
| #!/bin/sh
| 
| echo HELLO, WORLD
| echo THIS IS GOOFY CALLING FROM A SHELL SCRIPT.
| echo Hit RETURN.
| read x
| 
| [4] Invoke IE and type in www.stupidstuff.com ; hit return
| when instructed to make the xterm go away.
| 
| This did lock up a wineserver on my box, which needed
| a SIGTERM before it stopped consuming all sorts of CPU,
| on my box, so caveat emptor.  A subsequent invocation,
| however, performed normally.  Typical IE.
| 
| For its part Firefox ignores the issue totally, coming
| up with a webpage proudly blurting out "THIS DOMAIN
| NAME HAS JUST BEEN REGISTERED FOR ONE OF OUR CUSTOMERS!"
| (Fine.  Ask me if I give a hoot and sixpence.)  However,
| one can emulate in part IE's behavior by opening
| www.stupidstuff.com.sh using www.stupidstuff.com .
| 
| This trick doesn't seem to work with .BAT files on Linux,
| which is probably not all that surprising since IE is just
| punting on the matter anyway.
| 
| I could see this invoking
| 
| www.stupidstuff.com/braindead/crap
| 
| if the Desktop contains the directory www.stupidstuff.com as well.
| Could lead to some interesting (FSVO) malware.
`----
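A defender-side check, added here and not part of the thread, that walks a directory for executables or subdirectories named like web hosts, the pattern the snippet above relies on (a browser resolving a typed name against the local Desktop before the network). The TLD subset and the sample Desktop it builds are constructed assumptions, not the poster's files.

```python
import os
import re
import stat
import tempfile

# Illustrative TLD subset (assumption); in practice load the full IANA list.
COMMON_TLDS = {"com", "net", "org", "info", "biz", "io", "co", "uk", "de"}
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

def is_hostname_like(name: str) -> bool:
    """True if a file name reads like a host name, e.g. www.stupidstuff.com."""
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].lower() not in COMMON_TLDS:
        return False
    return all(LABEL_RE.match(label) for label in labels)

def is_executable(path: str) -> bool:
    """Regular file with any execute bit set, i.e. something a shell would run."""
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)

def find_hostname_executables(root: str) -> list:
    """Sorted (kind, relative path) pairs: host-named executables, plus host-named
    directories (a browser could descend into those, the www.stupidstuff.com/... case)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if is_hostname_like(d):
                hits.append(("dir", os.path.relpath(os.path.join(dirpath, d), root)))
        for f in filenames:
            full = os.path.join(dirpath, f)
            if is_hostname_like(f) and is_executable(full):
                hits.append(("exec", os.path.relpath(full, root)))
    return sorted(hits)

def build_sample_desktop() -> str:
    """Constructed sample Desktop for the check above (not the poster's real files)."""
    root = tempfile.mkdtemp(prefix="desktop-")
    def put(rel: str, mode: int) -> None:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho HELLO, WORLD\n")
        os.chmod(path, mode)
    put("www.stupidstuff.com", 0o755)                 # host-named executable: flagged
    put("www.stupidstuff.com.sh", 0o644)              # helper script, not executable
    put("build.sh", 0o755)                            # executable but not host-named
    put("www.stupidstuff.net/braindead/crap", 0o755)  # host-named directory: flagged
    return root
```

Run `find_hostname_executables` over a real Desktop or browser working directory to list candidates for review.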
