♦ Password
♦ Mailsetup
♦ Info
♦ Workstations
  ♣ Linux
  ♣ MacOS
♦ E-Mail
♦ Chat
♦ Files
♦ Backups
♦ Printers
♦ Network
♦ Statistics
♦ Downloads
♦ Links
♦ Newsletter
♦ Submit
♦ Search
♦ Linux

  Security problem with Windows Explorer
Microsoft Posted by Fabian Wenk on Monday April 25, @02:34PM
from the this-time-without-patch-but-a-workaround dept.
Windows Explorer includes a preview pane (Web view), which displays information on some types of files when they become selected. The preview pane is enabled by default on all Windows 2000 systems. As Microsoft has not yet made available an update, please disable the Web view in Windows Explorer through the Menu Tools / Folder Options... and then select Use Windows classic folders.

There is a sample file Test.doc on \\winsoft\winsoft\ (How to connect to the X: drive) to try this out, it just opens a popup windows with the text Successful injection!

For more information about this problem see the GreyMagic Security Advisory GM#015-IE about File Selection May Lead to Command Execution..

<  |  >


  Related Links
  • Articles on Microsoft
  • Also by Fabian Wenk
  • Contact author
  • The Fine Print: The following comments are owned by whoever posted them.
    ( Reply )

    © 2003 ISG, Departement Physik, ETH Zürich, <>