[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00f001c3e43b$cda54670$6401a8c0@0xff>
From: thor at pivx.com (Thor Larholm)
Subject: Windows XP Explorer Executes Arbitrary Code in Folders
I just sent this to the other lists:
====================
Why don't we call a spade a spade? You renamed an HTML file from "My
Pics.html" to "My Pics.Folder", it's still an HTML file and not a folder.
In fact, except for the changed file extension this is simply just a repeat
of your previous post, "Self-Executing HTML: Internet Explorer 5.5 and 6.0
Part IV", except that the ".Folder" file extension is new to Windows XP and
makes the file have a folder icon.
When you open any file regardless of extension, Explorer tries to find the
proper application to open the file with. This involves inspecting the first
section of the files content and comparing it to a list of known signatures.
You can read about "MIME Type Detection in Internet Explorer" at
http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp
We already know that opening HTML files from the My Computer zone is
equivelant to opening an EXE file, given the executional rights provided by
the zone. The only solution to this is to lock down the My Computer zone
which I have been trying to advocate for some time now and Microsoft has now
promised to do in Service Pack 2 for Windows XP.
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix <http://www.qwik-fix.net>
----- Original Message -----
From: "JacK" <jack@...securite.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, January 26, 2004 4:54 AM
Subject: [Full-Disclosure] Windows XP Explorer Executes Arbitrary Code in
Folders
> Hello,
>
> http://www.securitytracker.com/alerts/2004/Jan/1008843.html
> --
> JacK
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
Powered by blists - more mailing lists