Full Disclosure mailing list archives

RE: Microsoft Windows XP SP2

From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 19 Aug 2004 15:53:41 -0500

I personally think that Microsoft should turn the "hiding of file types"
off by default. We all turn it off and it doesn't help basic users learn
file types. They go by the icons and therefore the icon issue is a
better security threat. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michael
Young
Sent: Thursday, August 19, 2004 2:23 PM
To: 1 () malware com; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Microsoft Windows XP SP2

Confirmed icon vulnerability as working on SP1 and SP2.  I found that
regedit.exe, winhelp.exe, and explorer.exe are also vulnerable and
display their corresponding icon.  I am unsure as to how useful this is
as a vulnerability, but it shouldn't be present none the less.

Michael Young
IT Consultant
Miles Technologies
(856)439-0999

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
http-equiv () excite com
Sent: Thursday, August 19, 2004 11:35 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Microsoft Windows XP SP2



Let's commence by giving credit where credit is due. The thinking is
that the manufacturer of Windows XP has done a splendid job in patching
their little operating system with 300 million dollar's worth of fixes.
This is not exactly 'pocket change'.

But this is:

1. trivial scripting in the local zone
2. notepad icon regardless of file in XP's little zip thing

http://www.malware.com/malware.sp2.zip

many other 'bits and pieces' to be had but overall a splendid effort on
the manufacturer's part [for now]. Not quite sure where all that money
went though.


End Call


--
http://www.malware.com






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Microsoft Windows XP SP2 http-equiv () excite com (Aug 19)
- RE: Microsoft Windows XP SP2 Michael Young (Aug 19)
- RE: Microsoft Windows XP SP2 joe (Aug 19)
- <Possible follow-ups>
- RE: Microsoft Windows XP SP2 Todd Towles (Aug 19)