lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00f001c3e43b$cda54670$6401a8c0@0xff>
From: thor at pivx.com (Thor Larholm)
Subject: Windows XP Explorer Executes Arbitrary Code in Folders

I just sent this to the other lists:
====================

Why don't we call a spade a spade? You renamed an HTML file from "My
Pics.html" to "My Pics.Folder", it's still an HTML file and not a folder.

In fact, except for the changed file extension this is simply just a repeat
of your previous post, "Self-Executing HTML: Internet Explorer 5.5 and 6.0
Part IV", except that the ".Folder" file extension is new to Windows XP and
makes the file have a folder icon.

When you open any file regardless of extension, Explorer tries to find the
proper application to open the file with. This involves inspecting the first
section of the files content and comparing it to a list of known signatures.
You can read about "MIME Type Detection in Internet Explorer" at

http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp

We already know that opening HTML files from the My Computer zone is
equivelant to opening an EXE file, given the executional rights provided by
the zone. The only solution to this is to lock down the My Computer zone
which I have been trying to advocate for some time now and Microsoft has now
promised to do in Service Pack 2 for Windows XP.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix <http://www.qwik-fix.net>




----- Original Message ----- 
From: "JacK" <jack@...securite.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, January 26, 2004 4:54 AM
Subject: [Full-Disclosure] Windows XP Explorer Executes Arbitrary Code in
Folders


> Hello,
>
> http://www.securitytracker.com/alerts/2004/Jan/1008843.html
> -- 
> JacK
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ