lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040127082555.10655.qmail@www.securityfocus.com>
Date: 27 Jan 2004 08:25:55 -0000
From: Liu Die Yu <liudieyuinchina@...oo.com.cn>
To: bugtraq@...urityfocus.com
Subject: Re: Self-Executing FOLDERS: Windows XP Explorer Part V




here is what's happening here on my default and up2date winxp.home:
i downloaded the ZIP file at:
http://www.malware.com/my.pics.zip
double clicked it and another windows explorer popped up - there was folder inside the zip file. 
then i double clicked the folder - and my screen was burning... :-P

i can play more interesting games when at my school:
just shout out : man, i've shared matrix3 in "mat3" folder on my machine \\UMBRELLA...
many guys will doubleclick that "folder" and get compromised. :-))))))

----------------------

conclusion:
cheating the victim into openning a folder icon is much easier than cheating them into openning an HTM file.
so this is excellent stuff! 

another thing:
it works under "mcafee virus scan" at present.

added to my little collection of ie vulnz:
http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
(a part of TRIE - http://continue.to/trie )


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ