lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: labaiss2003 at yahoo.co.uk (Good One) Subject: Microsoft hides certain types of files from your eyes + some filename parsing bug Microsoft HIDES certain types of files from your eyes: This one is old unpatched "behaviour" ... If you will create in windows explorer file : test.txt with content : <script> a=new ActiveXObject("WSCript.Shell"); a.run("CMD.EXE"); alert("Hello, I'm Silly Billy !"); </script> It will be executed if you will add CLSID to it's name and user double clicks it : test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} Note: CLSID will remain hidden (explorer will not show it up in any means) File name for user will remain : test.txt This adds numerous possibilities for viruses to fool end user into safe content. another filename parsing bug (system even cannot access it) : By some technics windows still allows to write file on harddisk with funny name like : test [good one :] .avi End user will expierence certain difficulties to remove it afterwards from system. It's name will change to "test [good one", it will have no extension, will show up 0 bytes etc, etc... Of course .url and .lnk are hidden as well, being "shortcuts" in m$ way. The contents of those files are up to you ... :-) For example : file "test.url" with this content will open your browser with alert. [DEFAULT] BASEURL=javascript:alert('hello mama !') [InternetShortcut] URL=javascript:alert('hello mama !') Modified=00027F010505010100 m$ is good for gaming, not for serious work.. - SomeMan. --------------------------------- ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040708/7ae6c2e0/attachment.html
Powered by blists - more mailing lists