[Windows] Vulnerability : Windows XP Explorer Executes Arbitrary Code in Folders

Discussion in 'other security issues & news' started by gkweb, Jan 26, 2004.

Thread Status:
Not open for further replies.
  1. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    A new vulnerability has been discovered :

    http://www.securitytracker.com/alerts/2004/Jan/1008843.html

    I have tested the sample which allow you to test safely this exploit, and no sandboxe software warned me about the code beeing executed, because it relies on your main browser and windows explorer, which are obviously both allowed.

    Some people were asking for proof of a code not blocked by sandboxe softwares, here is one.

    We can easily imagine that in the future this vulnerability will be used by many worms...

    Be aware that a folder now could not be a folder.
     
  2. SteeLRasH

    SteeLRasH Registered Member

    Joined:
    Jan 25, 2004
    Posts:
    7
    Location:
    Turkey
    Re:[Windows] Vulnerability : Windows XP Explorer Executes Arbitrary Code in Fold

    Woow indeed amazing vulnerability.
    tiny PF don't warn me
    but the the malicious code is in KAV virus database now as the trojan dropper.JS.Mimail.b

    thanx for your warning
     
  3. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Re:[Windows] Vulnerability : Windows XP Explorer Executes Arbitrary Code in Fold

    Hi,gkweb

    Thank you for your post!! I also downloaded exploit tool. yeah, I think this is very dangerous exploit especially for "Art of Trojaning"..... :oops:

    thanks again
    Best Regards.
     
  4. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Re:[Windows] Vulnerability : Windows XP Explorer Executes Arbitrary Code in Fold

    Where did you download the exploit? I went to http://www.malware.com/my.pics.zip and didn't find it.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Re:[Windows] Vulnerability : Windows XP Explorer Executes Arbitrary Code in Fold

    it seems that the exploit is not anymore available and that they think to sell it o_O
     
Loading...
Thread Status:
Not open for further replies.