Page 1 of 1

[Sec] Incorrect URI scheme registration

Posted: 01 Feb 2013, 23:13
by Pretorian
The following was submitted to
DC++ 0.802 and below incorrectly registers URI schemes in Windows

DC++ [1] is a chat and file sharing application for the Direct Connect [2] network.

DC++ registers three URI schemes in Microsoft Windows; dchub, adc and magnet. Microsoft outlines the approach in 'Registering an Application to a URI scheme' [3].

Security issue description
DC++ 0.802 and below registers the application in the registry key "HKEY_CURRENT_USER/Software/Classes/adc/Shell/Open/Command" (for adc, likewise for dchub and magnet). DC++ registers the application with the following command;
"C:\Program Files (x86)\DC++\DCPlusPlus.exe" %1
(where the path mentioned is where DC++ is installed)

Microsoft notes in the 'launching the handler' section that an application should register itself with quotation marks around the parameter that is passed to the application. DC++ 0.802 and below do not do this, as shown above. Microsoft specifies that the proper registration should look like;
"C:\Program Files (x86)\DC++\DCPlusPlus.exe" "%1"

Microsoft notes in the same article potential attack vectors and potential formatting problems.

Fix description
A fix was deployed to the DC++ source control on 4th of January, 2013 [4], with the suggested changes from Microsoft. This fix is in DC++ 0.810.

No known attacks or exploits are reported at this time.

Found and fixed by: Fredrik Ullner <ullner at>

[2] ... e_sharing)
[4] ... ision/3166
[5] ... nload.html