Bugtraq mailing list archives
Re: IE4 Custom Folder
From: ckd () CKDHR COM (Christopher K Davis)
Date: Fri, 2 Oct 1998 16:52:07 -0400
David LeBlanc <dleblanc () MINDSPRING COM> writes:
With respect to disabling this attack on Win95, your only options are (in personal order of preference):
1) Install NT, precreate desktop.ini files and lock them down 2) Don't share anything 3) Disable active desktop
I'm not sure #2 stops all variants of this attack; what happens if someone mails you a desktop.ini file, and then you go to look in your mailer's attachments directory? My (untested) guess is that you lose. -- Christopher Davis * <ckd-sig () ckdhr com> * <URL:http://www.ckdhr.com/ckd/> Put location information in your DNS! <URL:http://www.ckdhr.com/dns-loc/>
Current thread:
- IE4 Custom Folder Marc (Oct 01)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
- Re: IE4 Custom Folder David LeBlanc (Oct 02)
- Several potential security problems in IBM/Tivoli OPC Tracker Age Klaus.Kusche () OOE GV AT (Oct 02)
- Announcements from The Palace (fwd) Mike Holling (Oct 02)
- Re: IE4 Custom Folder Christopher K Davis (Oct 02)
- Internet Wide DOS Attack using IRC dbarba (Oct 02)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC [deicide] (Oct 02)
- Re: Internet Wide DOS Attack using IRC Bencsath Boldizsar (Oct 02)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
- CERT: IN-98.04 Darren Reed (Oct 01)