Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Windows XP Explorer Executes Arbitrary Code in Folders

Re: Windows XP Explorer Executes Arbitrary Code in Folders

From: Stuart Moore <smoore.bugtraq_at_securityglobal.net>
Date: Mon, 26 Jan 2004 15:09:55 -0500

Thor,

>Why don't we call a spade a spade?

You are rather humorous! But I can be humorous, too: why don't we call a folder a folder?

Seriously, though, the interesting part is indeed not the self execution and not the HTML
in Local zone. The more interesting part is the HTML file as folder. Considering that
the typical Microsoft OS user has no clue what a MIME type is (and, for that matter, does
not know what HTML is, and doesn't know about zones), do you think that having an HTML
file be announced by the operating system's GUI as a folder is a Good Thing or a Bad
Thing? I would suggest that it leans more towards Idiot Engineering (http-equiv's term)
than Trustworthy Computing (MS term).

Stuart
Received on Jan 26 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos