Bugtraq mailing list archives
Vulnerability in "Fujitsu Desktop Update" (for Windows)
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Wed, 8 May 2013 22:57:49 +0200
Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" (see <http://support.ts.fujitsu.com/DeskUpdate/Index.asp>), which is factory-preinstalled on every Fujitsu (Siemens) PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current user. The application is registered as control panel item via [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{070B64FF-795D-4DAA-88AD-6D3277C7E445}] @="Fujitsu DeskUpdate" The "shell object" with GUID {070B64FF-795D-4DAA-88AD-6D3277C7E445} is registered with [HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}] @="Fujitsu DeskUpdate" "InfoTip"=expand:"@C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe,-132" "System.ControlPanel.Category"=dword:00000005 "System.Software.TasksFileUrl"="C:\\Program Files (x86)\\Fujitsu\DeskUpdate\\duconfig.xml" [HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\DefaultIcon] @=expand:"C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe,-0" [HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\Shell\Open\Command] @="C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe" The last entry is a pathname with unquoted spaces and allows the execution of the rogue programs "C:\Program.exe" and/or "C:\Program Files.exe", as documented in <http://msdn.microsoft.com/library/ms682425.aspx> Stefan Kanthak PS: long pathnames containing spaces exist for about 20 years now in Windows, EVERY developer should know how to use them properly, and EVERY QA should check their proper use!
Current thread:
- Vulnerability in "Fujitsu Desktop Update" (for Windows) Stefan Kanthak (May 09)