-
August 24th, 2004, 09:12 AM
#1
Windows XP SP2 May Display the Wrong Icon in Zip Archives
From Zone-H.org:
08/21/2004
Updated: Aug 19 2004
Original Entry Date: Aug 19 2004
Impact: Modification of system information
Exploit Included: Yes
Version(s): Windows XP SP2
Description: A vulnerability was reported in Windows XP SP2 in the display of files within zip archives. Windows Explorer and Microsoft Internet Explorer may display a file with the wrong icon.
http-equiv reported that a remote user can create a zip archive containing a malicious file so that when the archived is viewed using Windows XP SP2's native Explorer or Internet Explorer archive viewing functionality, the file will show an arbitrary icon.
A demonstration exploit that shows the Windows Notepad icon on a file named 'notepad.exe' is provided:
http://www.malware.com/malware.sp2.zip
Michael Young of Miles Technologies subsequently reported that the regedit.exe, winhelp.exe, and explorer.exe filenames will also display their corresponding icon.
Impact: A remote user can cause the system to display the wrong file icon to the target local user.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/
Cause: State error
Underlying OS: Windows (XP)
Reported By: "http-equiv@excite.com" <1@malware.com>
And of course, here's some added information.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|