New XP SP1 and SP2 Exploit Found: Users can drag and drop into Startup Folder

Contributor Icon Contributed by davak Date Icon August 19, 2004  
Tag Icon Tagged: Windows

SP2 has not fixed all of window’s security problems. Users can still be tricked into dragging files into the startup area. IE 5.0, IE 6.0, and IE 6.1 systems are affected.


This works on SP1 and SP2 systems indeed. You can’t expect one little 150 MB patch to fix all of microsoft’s security problems, can you? :)

Here’s the proof of concept site:
http://www.malware.com/wottapoop.html

I love proof of concept sites like this! When somebody says that XP has a certain blah, blah exploit, I listen and wait for the patch. However, when somebody proves to me that they can use it to drop a file onto my computer, that’s when I get all pissed at Microsoft again.

No fix is available yet.

Source: http://secunia.com/advisories/12321/

Previous recipe | Next recipe |
 
blog comments powered by Disqus