On Wed, July 7, 2004 6:05 pm, Jelmer said:
Ancient news
It may be ancient, but it still works. And when it was originally
reported, phishing wasn't in vogue. Perhaps re-disclosing it will get it
some attention.
-Eric
--
arctic bears - affordable email and name services @yourdomain.com
In some mail from =?iso-8859-1?q?Good=20One?=, sie said:
test.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
Note:
CLSID will remain hidden (explorer will not show it up in any means)
File name for user will remain : test.txt
I tested this and no matter how or where I created the file, I
Microsoft HIDES certain types of files from your eyes:
This one is old unpatched "behaviour" ...
If you will create in windows explorer file :
test.txt
with content :
scripta=new ActiveXObject("WSCript.Shell");a.run("CMD.EXE");alert("Hello, I'mSilly Billy!");/script
It will be executed if you
Ancient news
http://www.guninski.com/clsidext.html
--jelmer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Good One
Sent: donderdag 8 juli 2004 1:37
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Microsoft hides certain types of files from your