[20343] in bugtraq
Re: Double clicking on innocent looking files may be dangerous
daemon@ATHENA.MIT.EDU (Gary Flynn)
Fri Apr 20 08:03:55 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <3ADDCAB8.9FECC96D@jmu.edu>
Date: Wed, 18 Apr 2001 13:11:20 -0400
Reply-To: Gary Flynn <flynngn@JMU.EDU>
From: Gary Flynn <flynngn@JMU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
Gary Flynn wrote:
>
> One more thing. Anyone try this on an mp3 file and see how Napster et al
> handles it? That could be really, really ugly. I thought about that in the
> shower this morning and have been dealing with other stuff so haven't had
> a chance to check it yet.
I dumped a file.mp3."CLSID" file into the local Napster library directory
and the 2.0 Beta 7 Napster client didn't display it at all. Maybe for
the same reason the file doesn't show up in the file/open dialog box
or maybe because the client actually does some checking on its own.
I don't know.
I would imagine peer sharing clients that handle other file types
might react differently.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
