Vulnerability Development mailing list archives
RE: help:// protocol in Windows XP Prof
From: "Rocky Heckman" <rocky.he () g-wizinnovations com>
Date: Fri, 9 Jul 2004 08:58:14 +1000
It's not necessarily a 'bug'. Keep in mind that the Windows Help feature is HTML and therefore IE based. If you open up Windows Help, or the MSDN you'll see that all of it's links and references are either file:// or help://. IE is just set up to handle protocol references the same way Explorer is set up to handle file extensions. So when you drop help:// into IE, it's only natural for it to try to open up what it thinks will be an HTML based help page. Granted, this can be exploitable if you were to slip some malicious JS into the 'Help' page and get a user to click on it. RH -----Original Message----- From: NETKOJI [mailto:netkoji () poczta onet pl] Sent: Thursday, 8 July 2004 8:17 AM To: vuln-dev () securityfocus com Subject: Re: help:// protocol in Windows XP Prof Hello vuln-dev, Bartosz Kwitkowski wrote:
There is funny thing in Internet Explorer 6.0 - Windows XP Professional
(fully patched).
When you are writing address in IE you can replace http:// by help:// example: http://wb.pl/bartosz = help://wb.pl/bartosz and than hit <ENTER>... Page will open... other... help://www.securityfocus.com - looks funny, isn't? :-) when IE opens page changes help:// to http:// BUT, BUT, when you are create hyperlink <a href="help://wb.pl/bartosz">check</a> it won't work - IE says syntax error... I'm trying to exploit this... Best regards, Bartosz Kwitkowski
The same 'bug' applies to all other IE browsers below 6.0 (Win98SE and Win2K). Doesn't look like anything dangerous to me though... NETKOJI
Current thread:
- help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 07)
- Re: help:// protocol in Windows XP Prof NETKOJI (Jul 08)
- Re: help:// protocol in Windows XP Prof Jordan Cole (stilist) (Jul 09)
- RE: help:// protocol in Windows XP Prof Rocky Heckman (Jul 09)
- Re: help:// protocol in Windows XP Prof Derek Kwan (Jul 08)
- RE: help:// protocol in Windows XP Prof Lucas ValdeĆ³n (Jul 08)
- Re: help:// protocol in Windows XP Prof Jordan Cole (stilist) (Jul 08)
- Re: help:// protocol in Windows XP Prof pingywon MCSE (Jul 12)
- Re: help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 12)
- <Possible follow-ups>
- Re: help:// protocol in Windows XP Prof Bartosz Kwitkowski (Jul 08)
- RE: help:// protocol in Windows XP Prof Weltha, Nick [ADM] (Jul 08)
- RE: help:// protocol in Windows XP Prof Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Jul 08)
- RE: help:// protocol in Windows XP Prof Tyler Durden (Jul 09)
- RE: help:// protocol in Windows XP Prof Rocky Heckman (Jul 09)
- Re: help:// protocol in Windows XP Prof NETKOJI (Jul 08)