[27519] in bugtraq


Re: KaZaA

daemon@ATHENA.MIT.EDU (Alex Lambert)
Fri Oct 18 23:42:50 2002

Message-ID: <04d801c276e8$c1b881e0$0700010a@apl.qfis.net>
From: "Alex Lambert" <alambert@webmaster.com>
To: "David Krum" <frobnitz@msn.com>, <bugtraq@securityfocus.com>
Date: Fri, 18 Oct 2002 15:55:57 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit


Kazaa's IE control (at least in 1.7.x) seems to treat certain URLs
differently, too, which could pose a problem. For example,
http://localhost/KazaaSearchQuery performs a search (a form for this is
displayed on desktop.kazaa.com). Putting more than 272 bytes into the query
argument causes a crash; I haven't checked if it's possible to run malicious
code with this.



apl
----- Original Message -----
From: "David Krum" <frobnitz@msn.com>
To: <bugtraq@securityfocus.com>
Sent: Friday, October 18, 2002 11:33 AM
Subject: KaZaA


> I'm concerned about all the applications which utilize ie browser controls.
> There are a lot of adware programs with little ads.  Some of these ads have
> activex, java, flash, js.  Any one of these capabilities in the wrong zone
> could be dangerous.
>
> My attention was first drawn to this when I noticed KaZaA launching popups
> sourced from the local hard disk.  Surely these ads are running in the local
> zone.  To use software that does this I have to trust them to audit the ads
> given to them?

