<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: .com

Re: .com

From: <dullien_at_gmx.de>
Date: Tue, 2 Oct 2001 11:10:19 -0700

Hey Pauli,

somehow we're replicating our work ;)

PO> dunno if this has already occurred in people's mind but
PO> as there is the nice similarity between the ancient .com
PO> executable file extension and the tld .com ignorant
PO> clients could be fooled by sending executables that
PO> are named after popular .com www-sites. clear enough?-)

Yes, and most funnily: You don't need to actually have a .com file
in there - The operating system checks for the MZ/ZM signature,
and then hands the file over to the .EXE handler if present. Therefore
you can just rename any .EXE file .com and it will properly execute.

Cheers,
Thomas

-- 
Mit freundlichen Grüssen
dullien_at_gmx.de                            mailto:dullien_at_gmx.de

Received on Oct 02 2001

This message: [ Message body ]
Next message: Tony Lambiris: "Re: AOL IM 4.7 d0s 0-Day"
Previous message: Ed Lopez: "RE: limewire cookie (among others) disclosure vuln"
In reply to: Pauli Ojanperä: ".com"
Next in thread: Enrique A. Sanchez Montellano: "Re: .com"
Reply: Enrique A. Sanchez Montellano: "Re: .com"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos