[20323] in bugtraq
Re: Double clicking on innocent looking files
daemon@ATHENA.MIT.EDU (Frank Heyne)
Thu Apr 19 20:21:02 2001
Message-ID: <20010418091235.1A3D5250A7E@lists.securityfocus.com>
Date: Wed, 18 Apr 2001 11:10:06 +0200
Reply-To: fh@Rcs1.urz.tu-dresden.de
From: Frank Heyne <fh@Rcs1.urz.tu-dresden.de>
To: BUGTRAQ@SECURITYFOCUS.COM
On 17 Apr 01, at 10:36, Philip Stoev wrote:
> maybe other tricks are possible with a carefully-chosen CLSID.
How about this:
1. Copy an exe file of your choice into a public directory like c:\temp
2. Rename this file to
   OurAdminIsStupid.htm.{00000303-0000-0000-C000-000000000046}
3. The exe will now show the icon of an html file
   (but not the correct type description)
4. When your curious Admin double clicks the file, CPU usage
   will go up to 100 %, and it seems to be impossible to
   stop this with task manager
Works with NT 4 SP 6a + IE 5.5
Greetings
Frank Heyne
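
A defender-side check for the naming pattern described in the message above, as an added example that is not part of the original post: it walks a directory, flags files whose name ends in a `.{CLSID}` suffix, and notes whether the content starts with the `MZ` executable magic. The function names (`scan`, `is_pe`, `demo`) and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Name ending in ".{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}", the suffix used in the post
CLSID_SUFFIX = re.compile(
    r"^(?P<shown>.*)\.(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
)

def is_pe(path):
    """True if the file starts with the 'MZ' DOS/PE magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable file: report it, but not as a confirmed executable

def scan(root):
    """Return findings (sorted by path) for files under root with a CLSID suffix."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = CLSID_SUFFIX.match(name)
            if not m:
                continue
            full = os.path.join(dirpath, name)
            findings.append({
                "path": full,
                "shown_as": m.group("shown"),      # the part before the CLSID suffix
                "clsid": m.group("clsid").upper(),
                "executable": is_pe(full),          # content check, independent of the name
            })
    return sorted(findings, key=lambda f: f["path"])

def demo():
    """Scan a constructed sample directory (hypothetical file names and contents)."""
    suffix = ".{00000303-0000-0000-C000-000000000046}"
    samples = {
        "report.htm" + suffix: b"MZ\x90\x00constructed sample",
        "notes.txt" + suffix: b"plain text",
        "index.htm": b"<html></html>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(f["shown_as"], f["clsid"], f["executable"]) for f in scan(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run `scan()` against shared or world-writable directories such as the `c:\temp` example in the post; any hit with `executable` set to true deserves a closer look.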