Windows is doing the URI handling, not mIRC. This example can be just as easily duplicated by entering

http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat

into the Start -> Run dialog.

http://www.kb.cert.org/vuls/id/403150

This is not a mIRC bug.

On 10/4/07, 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> wrote:
> Dear Gavin Hanover,
>
> In this very case it really seems to be a mIRC problem ("unfiltered
> shell characters"). It doesn't depend on the URL handler and will work with
> any valid URL handler. You can reproduce the same vulnerability by entering
>
> http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
>
> Exploitable under Windows XP, not exploitable under Vista.
>
> --Wednesday, October 3, 2007, 11:59:45 PM, you wrote to jinc4fareijj@xxxxxxxxxxx:
>
> GH> is this a mIRC bug or a mail client bug?
>
> >> mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
> >>
>
> --
> ~/ZARAZA http://securityvulns.com/
>
>

--
In God we trust, Everyone else must have an x.509 certificate.
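The thread turns on whether the client (mIRC, a mail reader) or the OS URL handler is responsible for the string `http:%xx../../../windows/system32/calc.exe".bat` reaching a shell. Whatever the answer, the defensive fix on the client side is the same: validate a URI before handing it to the operating system, rather than relying on the scheme prefix. The check below is an added example written for this page, not code from mIRC, from the CERT note, or from either poster. The function names `uri_findings` and `is_safe_uri`, the allow-listed scheme set, and the list of checks are my own choices; the two suspect strings are the ones quoted in the thread, and the benign URIs are constructed for comparison. Note that the scheme allow-list alone passes both reproducers, which is exactly the point 3APA3A makes: the problem is the unfiltered quote character and traversal, not the handler.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample inputs: the two reproducer strings quoted in the thread
# and two benign URIs for comparison. Nothing here is executed; the strings
# are only inspected.
THREAD_URIS = [
    'http:%xx../../../../../../../../../../../windows/system32/calc.exe".bat',
    'mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".bat',
]
BENIGN_URIS = [
    "http://www.kb.cert.org/vuls/id/403150",
    "mailto:user@example.com?subject=hello%20there",
]

# Hypothetical policy for a chat or mail client: only these schemes are
# ever passed to the OS handler.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Characters that a shell or command-line parser treats specially. The
# double quote is what lets the thread's payload escape the handler's
# command line.
SHELL_META = set('"\'`<>|&;')

# A '%' that is not followed by exactly two hex digits is not a valid
# percent-escape; '%xx' in the payload is one such case.
BAD_PCT = re.compile(r"%(?![0-9A-Fa-f]{2})")

# Extensions Windows will execute directly ('.com' is deliberately left out
# to avoid flagging ordinary hostnames).
EXEC_EXT = re.compile(r"\.(exe|bat|cmd|scr)(?![a-z0-9])", re.IGNORECASE)


def uri_findings(uri: str) -> list[str]:
    """Return the reasons this URI must not be handed to the OS handler.

    An empty list means no finding. Each check is independent so that the
    caller (or a log line) can see which property tripped.
    """
    findings = []

    # 1. Scheme allow-list. Necessary, but alone it passes both payloads.
    scheme = urlsplit(uri).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        findings.append(f"scheme not allowed: {scheme or '<none>'}")

    # 2. Malformed percent-escapes in the raw string.
    if BAD_PCT.search(uri):
        findings.append("malformed percent-escape")

    # 3. Shell metacharacters, checked both raw and after decoding so that
    #    an encoded quote (%22) is caught as well.
    decoded = unquote(uri)
    meta = SHELL_META.intersection(uri) | SHELL_META.intersection(decoded)
    if meta:
        findings.append("shell metacharacters: " + "".join(sorted(meta)))

    # 4. Path traversal: any '..' segment on either separator.
    segments = re.split(r"[\\/]", decoded)
    if ".." in segments:
        findings.append("path traversal")

    # 5. Something in the URI names an executable file type.
    if EXEC_EXT.search(decoded):
        findings.append("executable target extension")

    return findings


def is_safe_uri(uri: str) -> bool:
    """True only when no check produced a finding."""
    return not uri_findings(uri)


if __name__ == "__main__":
    for u in THREAD_URIS + BENIGN_URIS:
        verdict = "REJECT" if not is_safe_uri(u) else "ok    "
        print(verdict, u, uri_findings(u))
```

A client that applies `is_safe_uri` before calling the OS handler never lets the quoted payload through, regardless of which handler is registered, and the findings list gives the operator something concrete to log or alert on.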