[28402] in bugtraq
KaZaA - Bad Zone
daemon@ATHENA.MIT.EDU (David Krum)
Tue Jan 7 20:52:57 2003
Message-ID: <02ca01c2b67e$038b71c0$ef0110ac@jonespg.net>
From: "David Krum" <bugtraq@jonespg.net>
To: <bugtraq@securityfocus.com>
Date: Tue, 7 Jan 2003 11:53:05 -0700

To follow up my mid-Oct post:

KaZaA is still launching ads in the local zone. KaZaA was contacted 6 Jan
03 via their bug report page.

"Pop-up ads are being spawned from the local hard disk. This puts them in
the local zone. Scripts running in this zone can be harmful."

I am now awaiting their response.

To immunize KaZaA from this defect I have removed the permissions from the
directory it launches ads from. This has a nice side effect of not showing
ads. The directory to secure is: %WinDir%\AdCache

David
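
The directory lockdown described in the message above, as an added PowerShell example that is not part of the original post. The function names are hypothetical; it assumes an elevated prompt, an NTFS volume, and that the caller owns the directory or otherwise holds the right to change its permissions.

```powershell
# Added example: strip every permission from the ad cache directory named in
# the post and confirm the result. Function names are hypothetical.
# Assumption: elevated prompt, NTFS volume, caller may rewrite the DACL.
$adCache = Join-Path $env:WinDir 'AdCache'   # directory named in the post

function Test-AclEmpty {
    param([string]$Path)
    # True when the DACL holds no access rules, explicit or inherited.
    # An empty DACL grants access to nobody (unlike a missing/NULL DACL).
    $acl = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    return ($rules.Count -eq 0)
}

function Remove-AllPermissions {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # Create it empty so it cannot be created later with the default,
        # inherited permissions of %WinDir%.
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove every explicit entry; iterate over a copy of the rule list.
    foreach ($rule in @($acl.Access)) {
        [void]$acl.RemoveAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

Remove-AllPermissions -Path $adCache
if (Test-AclEmpty -Path $adCache) {
    Write-Output "No permissions remain on $adCache"
} else {
    Write-Warning "Access rules are still present on $adCache"
}
```

The owner of the directory can always rewrite its permissions, so this holds only while the application runs under an account that does not own `AdCache`. `icacls "%WinDir%\AdCache" /reset` restores inherited permissions if the change needs to be undone.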