Message-ID: <020801c3e44c$cdcc6dc0$1214dd80@corp.emc.com>
From: exibar at thelair.com (Exibar)
Subject: Windows XP Explorer Executes Arbitrary Code in Folders
It sure didn't look like a normal folder to me either. I could edit the
file and such and renaming the file to having an .HTM extension makes it
look like a "normal" html file. Certainly not like a directory at all, but
a simple file.
Exibar
----- Original Message -----
From: "Thor Larholm" <thor@...x.com>
To: "JacK" <jack@...securite.org>; <full-disclosure@...ts.netsys.com>
Sent: Monday, January 26, 2004 1:39 PM
Subject: Re: [Full-Disclosure] Windows XP Explorer Executes Arbitrary Code in Folders
> I just sent this to the other lists:
> ====================
>
> Why don't we call a spade a spade? You renamed an HTML file from "My
> Pics.html" to "My Pics.Folder", it's still an HTML file and not a folder.
>
> In fact, except for the changed file extension this is simply just a repeat
> of your previous post, "Self-Executing HTML: Internet Explorer 5.5 and 6.0
> Part IV", except that the ".Folder" file extension is new to Windows XP and
> makes the file have a folder icon.
>
> When you open any file regardless of extension, Explorer tries to find the
> proper application to open the file with. This involves inspecting the first
> section of the file's content and comparing it to a list of known signatures.
> You can read about "MIME Type Detection in Internet Explorer" at
>
> http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp
>
> We already know that opening HTML files from the My Computer zone is
> equivalent to opening an EXE file, given the executional rights provided by
> the zone. The only solution to this is to lock down the My Computer zone
> which I have been trying to advocate for some time now and Microsoft has now
> promised to do in Service Pack 2 for Windows XP.
>
>
> Regards
>
> Thor Larholm
> Senior Security Researcher
> PivX Solutions
> 24 Corporate Plaza #180
> Newport Beach, CA 92660
> http://www.pivx.com
> thor@...x.com
> Phone: +1 (949) 231-8496
> PGP: 0x5A276569
> 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
>
> PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
> Qwik-Fix <http://www.qwik-fix.net>
>
>
>
>
> ----- Original Message -----
> From: "JacK" <jack@...securite.org>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Monday, January 26, 2004 4:54 AM
> Subject: [Full-Disclosure] Windows XP Explorer Executes Arbitrary Code in Folders
>
>
> > Hello,
> >
> > http://www.securitytracker.com/alerts/2004/Jan/1008843.html
> > --
> > JacK
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
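Added example, not part of the original thread: a defender-side scan that applies the content-over-extension idea described in the quoted message, flagging files (such as "My Pics.Folder") whose leading bytes look like HTML although the extension says otherwise. The marker list, the 256-byte window and all function names are assumptions made for illustration, not Explorer's actual signature table.

```python
import os
import tempfile

# Assumption: a small illustrative marker set, not Explorer's real signature list.
HTML_MARKERS = (b"<html", b"<head", b"<body", b"<script", b"<!doctype html", b"<iframe")
HTML_EXTENSIONS = {".htm", ".html"}
SNIFF_BYTES = 256  # assumption: only the start of the file is inspected


def looks_like_html(data: bytes) -> bool:
    """True if the leading bytes contain one of the HTML markers."""
    head = data[:SNIFF_BYTES].lower()
    return any(marker in head for marker in HTML_MARKERS)


def find_disguised_html(root: str) -> list[str]:
    """Return paths of files that sniff as HTML but lack an HTML extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in HTML_EXTENSIONS:
                continue  # honestly labelled HTML is not what we are hunting
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SNIFF_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_like_html(head):
                hits.append(path)
    return sorted(hits)


def demo() -> list[str]:
    """Write constructed sample files to a temp dir and return the flagged names."""
    samples = {
        "My Pics.Folder": b"<html><body>constructed sample</body></html>",
        "notes.txt": b"plain text, no markup",
        "index.html": b"<html></html>",
        "report.Folder": b"\xff\xfeconstructed non-HTML data",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return [os.path.basename(p) for p in find_disguised_html(root)]


if __name__ == "__main__":
    print(demo())
```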