-
April 3rd, 2003, 01:13 PM
#1
desktop.ini bug(XP)
I reported the following to microsoft yesterday +two vulnerabilities that you'll hear about soon!
-----------------desktop.ini bug-----------------
by:roozbeh afrasiabi(Black_Death)
e-mail:da_stone_cold_killer@yahoo.com
-----------------------------------------------------
[Introduction]
This bug can cause either instant restart or crash
of windows XP when user logs on .
The bug is due to the way windows uses desktop.ini
file for customizing folders or creating shell
folders like "web folder","active x folder"....
Desktop.ini can cause other bugs which this report
will not cover including "executing folders",
"hidden folders",....
-----------------------------------------------------
[HOW]
simply create a desktop.ini file in either
the "Documents and Settings" folder or any
of the user profiles inside this folder and
paste the following code to the file, save
the file and logoff.
[DeleteOnCopy]
Owner=administrator
[.ShellClassInfo]
CLSID={D20EA4E1-3957-11d2-A40B-0C5020524153}
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=3
Creating the desktop.ini file inside the
"Documents and Settings" folder will cause
windows to restart or crash when any user
logs on ,if you create the file inside
a specific user profile the bug will affect that
user only.
Note:
to log on normally you need to delete or change the
CLSID portion of the code.
changing it to somthing like :
CLSID=/{D20EA4E1-3957-11d2-A40B-0C5020524153}
will change things back to normal.
cation:adding the desktop.ini file to "Documents and Settings"
folder will stop any user from logging on so you need to have
a bootup disk so you can change/delete the desktop.ini file.
-----------------------------------------------------
[WHY]
The CLSID protion of the code points to a
shell folder so the real system folder
that contains the desktop.ini file will
be ignored by windows,when the file is placed
in "Documents and Settings" folder widows can
not find any of the user profiles which causes
restart or crash of windows XP.
-----------------------------------------------------
for more info on CLSIDs take a look at the following
key in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID]
-----------------------------------------------------
The bug can cause diffrent results when some
other CLSIDS are used.
//{D20EA4E1-3957-11d2-A40B-0C5020524153}
//{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
//{E773F1AF-3A65-4866-857D-846FC9C4598A}
//{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
//{63da6ec0-2e98-11cf-8d82-444553540000}
//{48e7caab-b918-4e58-a94d-505519c795dc}
//{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}
-----------------------------------------------------
-
April 3rd, 2003, 01:36 PM
#2
Junior Member
Niiice...
Interesting.. I can't remember if you had said XP as in home, pro, pro corp or all of em? That's really interesting. I'll be looking at that myself.
-
April 3rd, 2003, 10:56 PM
#3
this was tested on windows XP pro 5.1.2600 and windows XP home.
btw:i do not recommend playing with CLSIDs and the desktop.ini bug.
another thing i forgot to tell you is that the clsid you use must be a valid
shell folder clsid.
--------------------------------------------------------------------------------
{88C6C381-2E85-11D0-94DE-444553540000} acvtivex folder
{F5175861-2688-11d0-9C5E-00AA00A45957} offline files
{48e7caab-b918-4e58-a94d-505519c795dc} start menu folder
{63da6ec0-2e98-11cf-8d82-444553540000} ftp folder
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} web folders
--------------------------------------------------------------------------------
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|