Bugtraq mailing list archives

RE: Long path exploit on NTFS


From: "Moorhouse, Walt P" <WaltPMoorhouse () eaton com>
Date: Thu, 31 Jan 2002 08:37:51 -0500

We have Trend OfficeScan.  Trend finds it before the bat file can close the
SUBST drive (SUBST Q: /D).  It did however cause my realtime scanner's
interface to throw an exception.  It's still scanning, I just don't have the
cute little heartbeat line in the taskbar.
My question is this:  Assuming it had gotten past my scanner, it could not
be executed when the SUBST drive is removed, could it?  Because it couldn't
be referenced to execute?  Wouldn't someone have to re-SUBST the drive and
go at it that way?  And if they have the ability to do that, why don't they
just run it while it is there?  Unless I'm missing something, I don't see
anything particularly dangerous about this, other than someone could eat up
all your HD space with dark matter files (look, I coined a term!).  Maybe I
missed something though, it's been a long day! Still, I agree it needs to be
addressed, but I would suggest the change should be made at the OS level,
rather than the app level.  Nice job finding this, Hans.

Walt Moorhouse
Network Administrator


