[20273] in bugtraq
Re: Double clicking on innocent looking files may be dangerous
daemon@ATHENA.MIT.EDU (Vittal Aithal)
Tue Apr 17 15:44:37 2001
MIME-Version: 1.0
Content-Type: text/plain
Message-ID: <7BA9B1EB0C03D3119AA50090276DCBE8012553D6@RMAIL2>
Date: Tue, 17 Apr 2001 10:10:30 +0100
Reply-To: Vittal Aithal <vittal.aithal@UK.ION-GLOBAL.COM>
From: Vittal Aithal <vittal.aithal@UK.ION-GLOBAL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> > If the file extension is certain CLSID e.g.:
> > testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
> > then Windows explorer and IE do not show the CLSID and only the .txt
> > extension, while the above file is in fact .hta file.
>
> Verified on Windows 98 SE Dutch version (all patches applied, and all
> NeverShowExt values removed from the registry), but with
> the note that while indeed the real extension is not show in
> Explorer and the name looks like a .txt file, the icon displayed is not
> that of a .txt file, but instead the "type unknown" icon (the Windows
logo).
>
> Also, the properties say the file is an "HTML Application".
The same behaviour applies to Win2K Professional.
A possible workaround is to add a pattern match in your desktop anti-virus
software to pick up on such extensions. For instance, adding
{????????-????-????-????-????????????} as an executable extension in Sophos
Anti-Virus 3.43 scans such files.
vittal
Vittal Aithal
Ion Global - strategic business integration
--
direct: +44 20 7549 5831
facsimile: +44 20 7549 5801
http://www.uk.ion-global.com/
