> > Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code > > ... > > Exploitation requires an attacker to craft a malicious file with one of > the above extensions and convince a user to open and install it. Is this really a vulnerability in Miranda IM or in user behaviour? I don't see many advisories published for web browsers, yet they all allow arbitrary code execution. All you have to do is convince a user to click a link to a .exe file and press the open button. Yes, perhaps there should be more warning that untrusted plugins can be dangerous, but this is really down to the user. If the Miranda Installer automatically associated itself with .mir files and opened/installed them with no confirmation I could understand the problem, but the user has to both choose to download the plugin, choose to run/open the .mir file and then again choose to install it. I don't see how the installer is supposed to "validate" a plugin without automatically disassembling it and looking for malicious code since by nature all plugins are just DLLs that get loaded by Miranda. There are countless other applications that will load DLLs as plugins, I don't see how they are any more protected against malicious DLLs than Miranda is. I don't really think that just because Miranda provides an installer to copy the DLL to the plugins folder that it is any more vulnerable than any other application that instructs users to put DLL files into the plugins (or equivelant) directories. Rich.
