Bug Warning: Files Arrive with False Extensions

  1. #1
    Join Date
    Mar 2000
    Location
    League City, Texas
    Posts
    880

    Bug Warning: Files Arrive with False Extensions

    I rarely get too excited about the various vulnerabilities. However, this one, if proven, will create some real problems. I think a couple of us experienced it a few weeks ago.

    hbv2 sent the article as part of the morning update to our NewsLink page.

    Here's the blood and guts:

    "Microsoft's Windows Explorer and Web browser Internet Explorer can be tricked into masking dangerous files as innocent ones, a security specialist says.

    Hackers can exploit the flaw so unknowing PC users may run arbitrary programs, potentially ruining their systems, according to Bulgarian bug hunter Georgi Guninski, a well-known Microsoft gadfly.

    By adding a certain CLSID (Class Identifier) to a file name, Windows Explorer and IE will show any file extension designated by the file's creator, instead of showing an extension that accurately reflects what kind of file it is, Guninski says. CLSIDs consist of a string of numbers between curly brackets.

    A file may appear to be an innocent ".txt" (text) file, but could in fact be an "HTA" (HTML Application) file, which can run programs on a PC. The damage occurs when someone double-clicks the file to open it. The malicious file could also be portrayed as any other file type, such as various graphics formats."

    Here's the check:

    "However, there's a way to identify such a masked file, a quick test shows. Windows Explorer and IE won't associate the appropriate program icon with the file. The .txt file made by Guninski for test purposes did not carry the icon for the Windows Notepad program. Also, the file's properties--displayed by right-clicking on the file name and selecting Properties from the menu--will reveal the actual file type."

    Keep your gloves on.
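
The article quoted in the post above says the disguise works by adding a CLSID in curly brackets to the file name. As an added example (not part of the thread or the article), this Python sketch flags names that end in such a suffix and reports the extension a user would believe they are looking at. The sample names and CLSID values are constructed placeholders, and the 8-4-4-4-12 hex layout is the standard GUID text format, assumed here because the article quotes no specific value.

```python
import os
import re
import sys

# A CLSID used as the final "extension": ".{8-4-4-4-12 hex digits}"
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$"
)

def check_name(name):
    """Return a finding dict if name ends in a CLSID suffix, else None."""
    # Windows ignores trailing spaces and dots, so a padded name still matches.
    trimmed = name.rstrip(" .")
    m = CLSID_SUFFIX.search(trimmed)
    if not m:
        return None
    shown = trimmed[:m.start()]           # what is left once the CLSID is hidden
    _, dot, ext = shown.rpartition(".")
    return {
        "name": name,
        "shown_as": shown,
        "apparent_ext": ext.lower() if dot else "",
        "clsid": m.group(0)[1:],          # the suffix without its leading dot
    }

def scan_names(names):
    """Check an iterable of bare file names (e.g. mail attachment names)."""
    return [f for f in map(check_name, names) if f]

def scan_tree(root):
    """Walk a directory tree and check every file and directory name."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for f in scan_names(dirnames + filenames):
            f["path"] = os.path.join(dirpath, f["name"])
            findings.append(f)
    return findings

# Constructed sample names; the CLSID values are placeholders, not real classes.
SAMPLE = [
    "notes.txt",
    "readme.txt.{00000000-0000-0000-0000-000000000000}",
    "photo.JPG.{12345678-ABCD-abcd-0000-000000000001} ",
    "report.{not-a-clsid}.txt",
]

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_names(SAMPLE)
    for h in hits:
        print(f"{h['name']!r} displays as {h['shown_as']!r} (CLSID {h['clsid']})")
```

A hit only means the name carries a CLSID suffix; the Properties check described in the quoted article is still what shows the actual file type.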


  2. #2
    Join Date
    Dec 2000
    Location
    Dallas, TX USA
    Posts
    2,916
    To give credit where it's due, both Norton and McAfee posted alerts on this issue two weeks ago. Mr Guninski has found lots of vulnerabilities in the past but this time his only (but valuable) contribution was to get some news coverage.

    ------------------
    JerryCTX
    Computer (In)Security
