Hidden file vulnerability on XP (not tested elsewhere)

[Viper2026]

I have mistakenly come across a potential vulnerability, it allows files to be hidden in the c:\windows\fonts folder.

I came across this while installing some fonts I had downloaded. I was using winrar, and winrar works a bit differently than winzip and the standard windows xp file expander. If the files are contained in folders within the archive, and you select a single file not in the root of the directory, it will exctract to its desired desination within this folder (ex: a file is in zip:/folder/file.exe and i want to extract just file.exe to c:\ it would actually go to c:\folder\file.exe). So I install the font (which was in a folder, within the archive), not realizing it has been extracted to c:\windows\fonts\fontname\font.ttf. There is some inconsistency with the fonts folders that allows only fonts to be viewed there (using windows explorer), thus this folder was hidden.

To confirm I made an archive with winrar containg only notepad.exe. I extracted this file to c:\windows\fonts\test\notepad.exe. Then I went to windows explorer and navigated to the fonts folder, and there was no test folder. Then I went to run, and typed in c:\windows\fonts\test\notepad.exe and sure enough, notepad opened.

In conclusion files can be stored here and not be visible using a standard file browser. These directories however can be viewed in dos using the 'dir' function.

I'm not sure if this has been discovered already.

[SirDice]

This is the same as with the Recycle bin and the Temporary Internet file directories (and a few others). This is because of the 'special' way these folders are handled by explorer. You should still be able to see the files/folders if you use a command prompt and issue a dir command.

Look for a desktop.ini in that directory. This file tells explorer how and what to show you when you open that folder.

[Viper2026]

Originally posted here by SirDice
This is the same as with the Recycle bin and the Temporary Internet file directories (and a few others). This is because of the 'special' way these folders are handled by explorer. You should still be able to see the files/folders if you use a command prompt and issue a dir command.

Look for a desktop.ini in that directory. This file tells explorer how and what to show you when you open that folder.

Ah, ty, I didn't realize there were more folders like this

[AciDriveHB]

It's a system preference. I think it was setup more so you didn't scan somewhere that you would get a lot of BS... like your trash can... because that would be a folder of junk and the system would just be wasting time looking through your junk for something you want. Same with the fonts folder, it's generally a folder with a specific meaning. Just one of those things people don't really thinking about, who ever goes into their font folder? And the trash can, well if someone empties it... kiss that stuff goodbye.

Just a thought...
~AciD

[tampabay420]

this doesn't work from the command prompt...
so if you use "dir" this doesn't matter...

[Viper2026]

Originally posted here by tampabay420
this doesn't work from the command prompt...
so if you use "dir" this doesn't matter...

I created the folder when I extracted (in winrar), I only viewed it in the command prompt. And I'm on XP, so maybe it doesn't work the same on older/newer versions of windows.

[Algaen]

It's because these folders are special CLSID folders that point to options in the registry. Ankit Fadia has an explanation on his page:
http://www.ankitfadia.com/untold.htm
Scroll about a quarter of the way down until you see CLSID Folders Explained

Enjoy!