Bugtraq mailing list archives

Re: AUTORUN.INF Vulnerability

From: vpletzer () GMX NET (Valentin Pletzer)
Date: Sun, 20 Feb 2000 17:27:57 +0100


Hi maybe some addition to that:
At 00:07 18.02.00 -0500, you wrote:

administrative privileges, then it invokes Explorer on that directory to
open the directory like normal.


This is not true if the directory is opened with the Workplace and not the
Explorer

very real exploit; no directory guessing, i.e. did they name the WIN
directory Windows or Winnt?

how about %windir% ???

quoted as short as possible ??? ;-)

Current thread:

Re: perl-cgi hole in UltimateBB by Infopop Corp., (continued)
- - Re: perl-cgi hole in UltimateBB by Infopop Corp. Michael Wood (Feb 15)
  - Remote Vulnerability in the MMDF SMTP Daemon NAI Labs (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill (Feb 14)
  - Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
    - Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill McKinnon (Feb 16)
    - Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 17)
    - AUTORUN.INF Vulnerability Eric Stevens (Feb 17)
    - Re: AUTORUN.INF Vulnerability Jesper M. Johansson (Feb 18)
    - UPDATED: NetBSD Security Advisory 2000-001 Daniel Carosone (Feb 18)
    - Re: AUTORUN.INF Vulnerability Nick FitzGerald (Feb 19)
    - Re: AUTORUN.INF Vulnerability Valentin Pletzer (Feb 20)
    - MMDF Ran Atkinson (Feb 18)
    - Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 18)
    - Re: perl-cgi hole in UltimateBB by Infopop Corp. Bennett Todd (Feb 18)
    - Re: perl-cgi hole in UltimateBB by Infopop Corp. Dennis Taylor (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Kevin Hillabolt (Feb 14)
  - AIX SNMP Defaults harikiri (Feb 15)
    - Re: AIX SNMP Defaults Michal Zalewski (Feb 17)
    - Re: AIX SNMP Defaults Troy Bollinger (Feb 21)
    - riched32.dll buffer overflow Pauli Ojanpera (Feb 21)
    - Re: AIX SNMP Defaults Troy Bollinger (Feb 17)

(Thread continues...)