hacking security forum

RE: [Full-Disclosure] Microsoft Windows XP SP2

From: Todd Towles <toddtowles@brookshires.com>
Date: Thu Aug 19 2004 - 16:53:41 EDT

I personally think that Microsoft should turn the "hiding of file types"
off by default. We all turn it off and it doesn't help basic users learn
file types. They go by the icons and therefore the icon issue is a
better security threat.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Michael
Young
Sent: Thursday, August 19, 2004 2:23 PM
To: 1@malware.com; full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Microsoft Windows XP SP2

Confirmed icon vulnerability as working on SP1 and SP2. I found that
regedit.exe, winhelp.exe, and explorer.exe are also vulnerable and
display their corresponding icon. I am unsure as to how useful this is
as a vulnerability, but it shouldn't be present none the less.

Michael Young
IT Consultant
Miles Technologies
(856)439-0999

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
http-equiv@excite.com
Sent: Thursday, August 19, 2004 11:35 AM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Microsoft Windows XP SP2

Let's commence by giving credit where credit is due. The thinking is
that the manufacturer of Windows XP has done a splendid job in patching
their little operating system with 300 million dollar's worth of fixes.
This is not exactly 'pocket change'.

But this is:

1. trivial scripting in the local zone
2. notepad icon regardless of file in XP's little zip thing

http://www.malware.com/malware.sp2.zip

many other 'bits and pieces' to be had but overall a splendid effort on
the manufacturer's part [for now]. Not quite sure where all that money
went though.

End Call 

--
http://www.malware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Thu Aug 19 18:48:44 2004

This archive was generated by hypermail 2.1.8 : Thu Aug 19 2004 - 19:04:04 EDT

Custom Search