[funsec] Re: Image-handling flaws put Windows PCs at risk

Richard M. Smith rms at computerbytesman.com
Wed Nov 9 08:44:52 CST 2005


To disable .VBS, .JS, and .HTA files in Windows, a simple trick is to change
the file extension associations for these file types to run Notepad.  The
hard part is figuring out all the relavent file types related to the Windows
Scripting Host.  Someone really needs to write an applet to make the changes
to the registry.

A bit of history.  Windows Scripting Host, which most home PC users never
use, was secretly bundled with IE5 around 2000.  Not many people noticed
this addition to Windows, except the guy who wrote the ILoveYou email worm.
In talks on computer viruses, I joking tell people that "VBS" stands for
"Virus Building System".  On many people's PC, the first and only time WSH
ever got used was to run the ILoveYou worm. 

Richard

 

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Wolfe, James M
Sent: Wednesday, November 09, 2005 9:12 AM
To: funsec at linuxbox.org
Subject: RE: [funsec] Re: Image-handling flaws put Windows PCs at risk

I remember when the VBS viruses started making the rounds if you had an NT 4
machine you could simply delete scrrun.dll and you'd be OK. Win 2K on the
other hand which was just coming out at the time would put the file back no
matter if you deleted it, renamed it, or tried sticking in a zero byte file.
So much for being able to remove features that you don't want.

Regards,
James 


  
-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Richard M. Smith
Sent: Tuesday, November 08, 2005 8:03 PM
To: funsec at linuxbox.org
Subject: [funsec] Re: Image-handling flaws put Windows PCs at risk

Re:
http://news.com.com/Image-handling+flaws+put+Windows+PCs+at+risk/2100-10
02_3
-5940047.html?tag=nefd.top
(AKA http://tinyurl.com/amy44)

When I see these kind of bugs, I always wonder if there is some way to turn
off the unneeded feature rather than getting a patch.  Disabling the feature
protects against the next security hole in the unneeded feature......  I
also wonder if there is a some method of scanning the registry to learn
about all the image file formats that IE supports in the <img> tag and
similar tags.  Last time I checked, the GIF and JPEG formats are all we
need.

Richard 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


More information about the funsec mailing list