[20245] in bugtraq
Re: Double clicking on innocent looking files may be dangerous
daemon@ATHENA.MIT.EDU (Jurjen Oskam)
Tue Apr 17 02:39:16 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010416222320.B19712@calvin.quadpro-internal.stupendous.org>
Date: Mon, 16 Apr 2001 22:23:20 +0200
Reply-To: Jurjen Oskam <jurjen@QUADPRO.STUPENDOUS.ORG>
From: Jurjen Oskam <jurjen@QUADPRO.STUPENDOUS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3ADB0077.F3515672@guninski.com>; from guninski@GUNINSKI.COM on
Mon, Apr 16, 2001 at 05:23:51PM +0300
On Mon, Apr 16, 2001 at 05:23:51PM +0300, Georgi Guninski wrote:
> If the file extension is certain CLSID e.g.:
> testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
> then Windows explorer and IE do not show the CLSID and only the .txt
> extension,
> while the above file is in fact .hta file.
Verified on Windows 98 SE Dutch version (all patches applied, and all
NeverShowExt values removed from the registry), but with
the note that while indeed the real extension is not show in Explorer and
the name looks like a .txt file, the icon displayed is not that of a .txt
file, but instead the "type unknown" icon (the Windows logo).
Also, the properties say the file is an "HTML Application".
--
Jurjen Oskam * http://www.stupendous.org/ for PGP key * Q265230
pro-life bombing bush hacker attack USA president 2600 decss assassinate
nuclear strike terrorism gun control eta military disrupt economy encryption
10:12pm up 35 days, 22:43, 2 users, load average: 0.16, 0.03, 0.01
