Bugtraq: Re: Self-Executing FOLDERS: Windows XP Explorer Part V

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Self-Executing FOLDERS: Windows XP Explorer Part V

From: Liu Die Yu <liudieyuinchina () yahoo com cn>
Date: 27 Jan 2004 08:25:55 -0000



here is what's happening here on my default and up2date winxp.home:
i downloaded the ZIP file at:
http://www.malware.com/my.pics.zip
double clicked it and another windows explorer popped up - there was folder inside the zip file. 
then i double clicked the folder - and my screen was burning... :-P

i can play more interesting games when at my school:
just shout out : man, i've shared matrix3 in "mat3" folder on my machine \\UMBRELLA...
many guys will doubleclick that "folder" and get compromised. :-))))))

----------------------

conclusion:
cheating the victim into openning a folder icon is much easier than cheating them into openning an HTM file.
so this is excellent stuff! 

another thing:
it works under "mcafee virus scan" at present.

added to my little collection of ie vulnz:
http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
(a part of TRIE - http://continue.to/trie )

By Date By Thread

Current thread:

Self-Executing FOLDERS: Windows XP Explorer Part V http-equiv () excite com (Jan 26)
- Re: Self-Executing FOLDERS: Windows XP Explorer Part V mightye[removethis] (Jan 26)
- <Possible follow-ups>
- RE: Self-Executing FOLDERS: Windows XP Explorer Part V Thor Larholm (Jan 26)
  - Re: Self-Executing FOLDERS: Windows XP Explorer Part V Jelmer (Jan 27)
- Re: Self-Executing FOLDERS: Windows XP Explorer Part V Liu Die Yu (Jan 27)