Re: Windows XP Explorer Executes Arbitrary Code in Folders
From: Stuart Moore (smoore.bugtraq_at_securityglobal.net)
Date: 01/26/04
- Previous message: Thor Larholm: "RE: Self-Executing FOLDERS: Windows XP Explorer Part V"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Jan 2004 15:09:55 -0500 To: Thor Larholm <thor@pivx.com>, bugtraq@securityfocus.com
Thor,
>Why don't we call a spade a spade?
You are rather humorous! But I can be humorous, too: why don't we call a folder a folder?
Seriously, though, the interesting part is indeed not the self execution and not the HTML
in Local zone. The more interesting part is the HTML file as folder. Considering that
the typical Microsoft OS user has no clue what a MIME type is (and, for that matter, does
not know what HTML is, and doesn't know about zones), do you think that having an HTML
file be announced by the operating system's GUI as a folder is a Good Thing or a Bad
Thing? I would suggest that it leans more towards Idiot Engineering (http-equiv's term)
than Trustworthy Computing (MS term).
Stuart
- Previous message: Thor Larholm: "RE: Self-Executing FOLDERS: Windows XP Explorer Part V"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
