[Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug
jkuperus at planet.nl
Thu Jul 8 02:05:25 BST 2004
From: full-disclosure-admin at lists.netsys.com
[mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of Good One
Sent: donderdag 8 juli 2004 1:37
To: full-disclosure at lists.netsys.com
Subject: [Full-Disclosure] Microsoft hides certain types of files from your
eyes + some filename parsing bug
Microsoft HIDES certain types of files from your eyes:
This one is old unpatched "behaviour" ...
If you will create in windows explorer file :
with content :
alert("Hello, I'm Silly Billy !");
It will be executed if you will add CLSID to it's name and user double
clicks it :
CLSID will remain hidden (explorer will not show it up in any means)
File name for user will remain : test.txt
This adds numerous possibilities for viruses to fool end user into safe
another filename parsing bug (system even cannot access it) :
By some technics windows still allows to write file on harddisk with funny
name like :
test [good one :] .avi
End user will expierence certain difficulties to remove it afterwards from
It's name will change to "test [good one", it will have no extension, will
show up 0 bytes etc, etc...
Of course .url and .lnk are hidden as well, being "shortcuts" in m$ way. The
contents of those files are up to you ... :-)
For example : file "test.url" with this content will open your browser with
m$ is good for gaming, not for serious work..
ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself
Full-Disclosure is hosted and sponsored by Secunia.