Full Disclosure mailing list archives
Re: Windows XP Explorer Executes Arbitrary Code in Folders
From: "Exibar" <exibar () thelair com>
Date: Mon, 26 Jan 2004 15:41:38 -0500
It sure didn't look like a normal folder to me either. I could edit the file and such and renaming the file to having an .HTM extension makes it look like a "normal" html file. Certainly not like a directory at all, but a simple file. Exibar ----- Original Message ----- From: "Thor Larholm" <thor () pivx com> To: "JacK" <jack () websecurite org>; <full-disclosure () lists netsys com> Sent: Monday, January 26, 2004 1:39 PM Subject: Re: [Full-disclosure] Windows XP Explorer Executes Arbitrary Code in Folders
I just sent this to the other lists: ==================== Why don't we call a spade a spade? You renamed an HTML file from "My Pics.html" to "My Pics.Folder", it's still an HTML file and not a folder. In fact, except for the changed file extension this is simply just a
repeat
of your previous post, "Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV", except that the ".Folder" file extension is new to Windows XP
and
makes the file have a folder icon. When you open any file regardless of extension, Explorer tries to find the proper application to open the file with. This involves inspecting the
first
section of the files content and comparing it to a list of known
signatures.
You can read about "MIME Type Detection in Internet Explorer" at
http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp
We already know that opening HTML files from the My Computer zone is equivelant to opening an EXE file, given the executional rights provided
by
the zone. The only solution to this is to lock down the My Computer zone which I have been trying to advocate for some time now and Microsoft has
now
promised to do in Service Pack 2 for Windows XP. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> ----- Original Message ----- From: "JacK" <jack () websecurite org> To: <full-disclosure () lists netsys com> Sent: Monday, January 26, 2004 4:54 AM Subject: [Full-disclosure] Windows XP Explorer Executes Arbitrary Code in FoldersHello, http://www.securitytracker.com/alerts/2004/Jan/1008843.html -- JacK _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows XP Explorer Executes Arbitrary Code in Folders JacK (Jan 26)
- Re: Windows XP Explorer Executes Arbitrary Code in Folders Thor Larholm (Jan 26)
- Re: Windows XP Explorer Executes Arbitrary Code in Folders Exibar (Jan 26)
- Re: Windows XP Explorer Executes Arbitrary Code in Folders Tobias Weisserth (Jan 26)
- Re: Windows XP Explorer Executes Arbitrary Code in Folders Exibar (Jan 26)
- <Possible follow-ups>
- Re:Windows XP Explorer Executes Arbitrary Code in Folders Ian Latter (Jan 26)
- Re: Windows XP Explorer Executes Arbitrary Code in Folders Thor Larholm (Jan 26)