qcred11
QUOTE


/--------------------------------------------------------------------/
Vendor:          Microsoft Corp.
product:         windows (only tested on winxp.pro.ed)
test machine:    win.xp.pro.ed ie.6 (fully patched)
Discovery by:    Roozbeh Afrasiabi
                 [roozbeh_afrasiabi(At)yahoo(dot)com]
Risk:            med
Title:           Desktop.ini flaw results in executing folders
/--------------------------------------------------------------------/

TABLE OF CONTENTS:
==================
Description..............................................1
Exploit..................................................2
Contact info.............................................3
Disclaimer...............................................4


1)Description:
==================
Certain system folders on windows(XP) are created using desktop.ini by
use of their CLSIDs, this is done by setting the CLSID value of the
shellclassinfo in desktop.ini to their assigned CLSIDs, however there
is no restriction to what CLSIDs are safe and can be used, this could
bring up security issues when CLSIDs that point to executables are set
as the CLSID value.

This vulnerability affects IEXPLORE.EXE and EXPLORER.exe and may result
in execution of malicious code in the context of the currently logged
in user.


2)Exploit
===========
http://www.freewebs.com/roozbeh_afrasiabi/xploit/execute.htm

3)Contact Info
==================
roozbeh_afrasiabi(at)yahoo(dot)com

da_stone_cold_killer(at)yahoo(dot)com
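
Added example, not part of the quoted advisory or of any forum post: a defensive scan that walks a directory tree and reports every desktop.ini whose [.ShellClassInfo] section sets a CLSID outside a baseline of expected shell folders. The baseline set, the function names and the rule of treating any key containing "clsid" as relevant are assumptions made for illustration.

```python
import os
import re
import sys

# Sample baseline (assumption): well-known shell folder CLSIDs; build yours from a clean image.
BASELINE = {
    "{645FF040-5081-101B-9F08-00AA002F954E}",  # Recycle Bin
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}",  # My Computer
    "{21EC2020-3AEA-1069-A2DD-08002B30309D}",  # Control Panel
}
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def decode_ini(raw):
    """desktop.ini is ANSI or UTF-16 with a BOM; decode either without failing."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def shell_clsids(text):
    """Return (key, CLSID) pairs set under the [.ShellClassInfo] section."""
    found, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == ".shellclassinfo" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            guid = GUID.search(value)
            if "clsid" in key.lower() and guid:
                found.append((key.strip(), guid.group(0).upper()))
    return found


def scan(root, baseline=BASELINE):
    """Walk root; report (path, key, CLSID) for each CLSID not in the baseline."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() == "desktop.ini"):
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                found = shell_clsids(decode_ini(fh.read()))
            hits += [(path, k, c) for k, c in found if c not in baseline]
    return hits


if __name__ == "__main__":
    print(*scan(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```

A hit is a lead for review rather than a verdict: look the reported CLSID up under HKEY_CLASSES_ROOT\CLSID on the affected machine to see what it resolves to.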

tibbar
Very nice exploit. I can see a lot of ppl using this to trojan apps etc.

has M$ patched this?
toska
Nope, it's not patched yet.