Re: First vulnerabilities in the SP2 - XP ?...

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: First vulnerabilities in the SP2 - XP ?...
From: Matthew Roberts <webmaster@xxxxxxxxxxxxxxxxx>
Date: 18 Aug 2004 18:31:52 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <200408180941.16239.radoslav.dejanovic@xxxxxxxx>


>This basically tells the user to open CMD and then execute the attachment in 
>command line. Now, someone has to be really, really dumb to do that.

People might forget that dragging and dropping to a command prompt actually 
executes the file.

I have 2 words, Batch files.. I did not get prompted when I double clicked a 
batch file containing one line "Malicious program.exe"

Sp2 did not also detect that Viri.zip downloaded from the internet and contains 
an EXE inside it...

I am not trying to create bad press for SP2, I personally think very highly of 
it...

But I do think people will enter the trap "Wel it's gonna alert me if it's not 
safe ain't it?" I think that's the biggest issue here

Follow-Ups:
- RE: First vulnerabilities in the SP2 - XP ?...
  - From: Larry Seltzer

Prev by Date: Re: Posible security bug in phpMyWebhosting
Next by Date: Re: Posible security bug in phpMyWebhosting
Previous by thread: RE: First vulnerabilities in the SP2 - XP ?...
Next by thread: RE: First vulnerabilities in the SP2 - XP ?...
Index(es):
- Date
- Thread