Re: Self-Executing FOLDERS: Windows XP Explorer Part V
From: Liu Die Yu (liudieyuinchina_at_yahoo.com.cn)
Date: 01/27/04
- Previous message: lowhalo_at_hush.com: "Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code"
- Maybe in reply to: http-equiv_at_excite.com: "Self-Executing FOLDERS: Windows XP Explorer Part V"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Jan 2004 08:25:55 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
here is what's happening here on my default and up2date winxp.home:
i downloaded the ZIP file at:
http://www.malware.com/my.pics.zip
double clicked it and another windows explorer popped up - there was folder inside the zip file.
then i double clicked the folder - and my screen was burning... :-P
i can play more interesting games when at my school:
just shout out : man, i've shared matrix3 in "mat3" folder on my machine \\UMBRELLA...
many guys will doubleclick that "folder" and get compromised. :-))))))
----------------------
conclusion:
cheating the victim into openning a folder icon is much easier than cheating them into openning an HTM file.
so this is excellent stuff!
another thing:
it works under "mcafee virus scan" at present.
added to my little collection of ie vulnz:
http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
(a part of TRIE - http://continue.to/trie )
- Previous message: lowhalo_at_hush.com: "Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code"
- Maybe in reply to: http-equiv_at_excite.com: "Self-Executing FOLDERS: Windows XP Explorer Part V"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
