[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Windows XP Explorer Executes Arbitrary Code in Folders

To: Thor Larholm <thor@pivx.com>, bugtraq@securityfocus.com
Subject: Re: Windows XP Explorer Executes Arbitrary Code in Folders
From: Stuart Moore <smoore.bugtraq@securityglobal.net>
Date: Mon, 26 Jan 2004 15:09:55 -0500

Thor,

Why don't we call a spade a spade?

You are rather humorous! But I can be humorous, too: why don't we call a folder a folder?

Seriously, though, the interesting part is indeed not the self execution and not the HTML in Local zone. The more interesting part is the HTML file as folder. Considering that the typical Microsoft OS user has no clue what a MIME type is (and, for that matter, does not know what HTML is, and doesn't know about zones), do you think that having an HTML file be announced by the operating system's GUI as a folder is a Good Thing or a Bad Thing? I would suggest that it leans more towards Idiot Engineering (http-equiv's term) than Trustworthy Computing (MS term).

Stuart

Prev by Date: RE: Self-Executing FOLDERS: Windows XP Explorer Part V
Next by Date: ProxyNow! 2.x Multiple Overflow Vulnerabilities
Previous by thread: Serv-U ftp 4.2 site chmod long_file_name exploit
Next by thread: ProxyNow! 2.x Multiple Overflow Vulnerabilities
Index(es):
- Date
- Thread