Bugtraq mailing list archives

Re: IE4 Custom Folder

From: ckd () CKDHR COM (Christopher K Davis)
Date: Fri, 2 Oct 1998 16:52:07 -0400


David LeBlanc <dleblanc () MINDSPRING COM> writes:

With respect to disabling this attack on Win95, your only options are (in
personal order of preference):

1) Install NT, precreate desktop.ini files and lock them down
2) Don't share anything
3) Disable active desktop


I'm not sure #2 stops all variants of this attack; what happens if
someone mails you a desktop.ini file, and then you go to look in your
mailer's attachments directory?  My (untested) guess is that you lose.

--
Christopher Davis * <ckd-sig () ckdhr com> * <URL:http://www.ckdhr.com/ckd/>
Put location information in your DNS! <URL:http://www.ckdhr.com/dns-loc/>

Current thread:

IE4 Custom Folder Marc (Oct 01)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
  - Re: IE4 Custom Folder David LeBlanc (Oct 02)
  - Several potential security problems in IBM/Tivoli OPC Tracker Age Klaus.Kusche () OOE GV AT (Oct 02)
  - Announcements from The Palace (fwd) Mike Holling (Oct 02)
  - Re: IE4 Custom Folder Christopher K Davis (Oct 02)
  - Internet Wide DOS Attack using IRC dbarba (Oct 02)
    - Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
    - Re: Internet Wide DOS Attack using IRC [deicide] (Oct 02)
    - Re: Internet Wide DOS Attack using IRC Bencsath Boldizsar (Oct 02)
- CERT: IN-98.04 Darren Reed (Oct 01)