EUVD-2003-0301

Malware in sbrugna...

User Profile name changes from User Name to "My Documents" or "Documents"

Under certain circumstances, the Desktop.ini file may cause the User Profile folder name on the User Store to change from the User Name to "My Documents". If we delete the "desktop.ini" file in the "My Documents" folder, it changes the folder name back to the correct user name...

The most simple and effective provided the right method tips-vulnerability warning-the black bar safety net

We all know the most long with several elevation method We mainly say about the use of autorun . inf or desktop. ini, This method has many limitations, must be an administrator to open the directory or folder, now the domestic some administrators do not know these years before landingserviceonce,...

CVE-2004-2289

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file...

CVE-2004-2289

CVE-2004-2289 is the Windows XP Desktop.ini/ShellClassInfo variant that leads to arbitrary code execution via a .ShellClassInfo CLSID pointing to an executable. Connected docs show a related Windows Shell remote-code-execution vulnerability (CVE-2006-0012) in Windows Explorer triggered by COM obj...

CVE-2003-0306

Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter...

CVE-2003-0306

Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter...

Another Web Folder issue

This is an issue that I submitted to Microsoft yesterday morning. I was going to wait to hear from them before submitting this NTBugTraq, but when only several hours later when I saw Georgi Guninski's Customized Folders issue I felt that I had better "stake my claim" to this issue before he or...