[8103] in bugtraq
Re: IE4 Custom Folder
daemon@ATHENA.MIT.EDU (Christopher K Davis)
Fri Oct 2 18:14:07 1998
Date: Fri, 2 Oct 1998 16:52:07 -0400
Reply-To: Christopher K Davis <ckd@CKDHR.COM>
From: Christopher K Davis <ckd@CKDHR.COM>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: David LeBlanc's message of "Fri, 2 Oct 1998 08:59:33 -0400"
David LeBlanc <dleblanc@MINDSPRING.COM> writes:
> With respect to disabling this attack on Win95, your only options are (in
> personal order of preference):
> 1) Install NT, precreate desktop.ini files and lock them down
> 2) Don't share anything
> 3) Disable active desktop
I'm not sure #2 stops all variants of this attack; what happens if
someone mails you a desktop.ini file, and then you go to look in your
mailer's attachments directory? My (untested) guess is that you lose.
--
Christopher Davis * <ckd-sig@ckdhr.com> * <URL:http://www.ckdhr.com/ckd/>
Put location information in your DNS! <URL:http://www.ckdhr.com/dns-loc/>
