[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Microsoft Windows XP SP2
- To: "Michael Young" <mikeyoung@xxxxxxxxxxxxxxxxxxxxx>, <1@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Microsoft Windows XP SP2
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Thu, 19 Aug 2004 15:53:41 -0500
I personally think that Microsoft should turn the "hiding of file types"
off by default. We all turn it off and it doesn't help basic users learn
file types. They go by the icons and therefore the icon issue is a
better security threat.
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Michael
Young
Sent: Thursday, August 19, 2004 2:23 PM
To: 1@xxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Microsoft Windows XP SP2
Confirmed icon vulnerability as working on SP1 and SP2. I found that
regedit.exe, winhelp.exe, and explorer.exe are also vulnerable and
display their corresponding icon. I am unsure as to how useful this is
as a vulnerability, but it shouldn't be present none the less.
Michael Young
IT Consultant
Miles Technologies
(856)439-0999
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
http-equiv@xxxxxxxxxx
Sent: Thursday, August 19, 2004 11:35 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Microsoft Windows XP SP2
Let's commence by giving credit where credit is due. The thinking is
that the manufacturer of Windows XP has done a splendid job in patching
their little operating system with 300 million dollar's worth of fixes.
This is not exactly 'pocket change'.
But this is:
1. trivial scripting in the local zone
2. notepad icon regardless of file in XP's little zip thing
http://www.malware.com/malware.sp2.zip
many other 'bits and pieces' to be had but overall a splendid effort on
the manufacturer's part [for now]. Not quite sure where all that money
went though.
End Call
--
http://www.malware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html