Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Microsoft hides certain types of files from your eyes + some filename parsing bug
From: "Stuart Fox \(DSL AK\)" <StuartF () datacom co nz>
Date: Thu, 8 Jul 2004 16:58:22 +1200

The CLSID one doesn't work at all under XP SP2 Beta RC2.  The CLSID is
registered on my machine as an HTA.  File extension is show regardless
of whether you have view file extensions turned on or off.


        From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Good One
        Sent: Thursday, 8 July 2004 11:37 a.m.
        To: full-disclosure () lists netsys com
        Subject: [Full-disclosure] Microsoft hides certain types of
files from your eyes + some filename parsing bug
        Microsoft HIDES certain types of files from your eyes:
        This one is old unpatched "behaviour" ...
        If you will create in windows explorer file :
        with content :
        a=new ActiveXObject("WSCript.Shell");
        alert("Hello, I'm Silly Billy !");
        It will be executed if you will add CLSID to it's name and user
double clicks it :
        CLSID will remain hidden (explorer will not show it up in any
        File name for user will remain : test.txt
        This adds numerous possibilities for viruses to fool end user
into safe content.
        another filename parsing bug (system even cannot access it) :
        By some technics windows still allows to write file on harddisk
with funny name like :
        test [good one :] .avi
        End user will expierence certain difficulties to remove it
afterwards from system.
        It's name will change to "test [good one", it will have no
extension, will show up 0 bytes etc, etc...
        Of course .url and .lnk are hidden as well, being "shortcuts" in
m$ way. The contents of those files are up to you ... :-) 
        For example : file "test.url" with this content will open your
browser with alert.
        BASEURL=javascript:alert('hello mama !')
        URL=javascript:alert('hello mama !')
        m$ is good for gaming, not for serious work..
        - SomeMan.


        ALL-NEW Yahoo! Messenger
<http://uk.rd.yahoo.com/evt=21626/*http://uk.messenger.yahoo.com>  -
sooooo many all-new ways to express yourself 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]