From: Brad Eley [BEley@THESMSGROUP.COM]
Sent: Tuesday, March 07, 2000 1:18 PM
To: win2ksecadvice@LISTSERV.NTSECURITY.NET
Subject: Win2k (and Millennium Edition) auto file open vuln

In lieu of the recent @stake advisory (MS Office 2000 Clip Art), I have decided to resurrect this email I sent to NTBugtraq (killed by moderator):

In Win2k and also Windows Millennium Edition: I noticed a few additions in the "File Type" menu, including an option to automatically open a file after download without confirmation. Going through the list of registered files on my machine, the following types will open (execute) after download:

File Type   Desc
---------   ---------------------------------------------
AIF         Sound Clip
ASF         Advanced Streaming Format
ASX         Advanced Streaming Redirector
AU          Sound Clip
AVI         Video Clip
BMP         Bitmap Image
CDF         Channel File
CNF         Speed Dial
CSS         Cascading Style Sheet
GIF         GIF Image
HTT         Hypertext Template
IVF         Indeo Video File
JPE         JPEG Image (JPG files will prompt you to open)
LSF         Advanced Streaming Format
LSX         Advanced Streaming Redirector
M1V         Movie Clip
M3U         MP3 File
MID         MIDI Sequence
MOV         Video Clip
MP3         MP3 File
OFC         Open Financial Connector
OFX         Open Financial Exchange
RA          RealMedia
TXT         Text
WAX         Windows Media Audio Shortcut
WMA         Windows Media Audio
WVX         Windows Media Audio/Video Shortcut
XML         Extended Markup Language
XSL         Extended Stylesheet

Notice that in Win 9x, all or most of these file types would open automatically; now you have some control over whether they do or not. However, I see this as an opportunity for a malicious program (file) to change the notifications of its or others' types, potentially allowing for (more) exploits to occur.
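A way to run the author's check without clicking through the File Types dialog, added here as an example and not part of the original post: the dialog stores an unchecked "Confirm open after download" box as the FTA_OpenIsSafe bit (0x00010000) of the file type's EditFlags value under HKEY_CLASSES_ROOT, so this read-only PowerShell script lists every extension whose ProgId carries that bit. It assumes a current Windows with PowerShell; the function names are mine, and the baseline/diff suggestion is the detection the post's last paragraph calls for.

```powershell
# Added example (not from the original post). Lists registered extensions whose
# "Confirm open after download" box is unchecked, i.e. whose ProgId has the
# FTA_OpenIsSafe bit set in EditFlags under HKEY_CLASSES_ROOT. Read-only.

$FTA_OpenIsSafe = 0x00010000   # FILETYPEATTRIBUTEFLAGS: open verb is "safe" for downloads

function Get-EditFlags {
    param([string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).EditFlags
    if ($null -eq $raw) { return $null }
    # EditFlags is REG_DWORD on most systems but REG_BINARY (4 bytes, little-endian)
    # on some older/migrated ones; normalise both to an unsigned 32-bit value.
    if ($raw -is [byte[]]) {
        if ($raw.Length -lt 4) { return $null }
        return [BitConverter]::ToUInt32($raw, 0)
    }
    return [uint32]([int64]$raw -band 0xFFFFFFFF)
}

function Get-AutoOpenFileTypes {
    Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT' |
        Where-Object { $_.PSChildName -like '.*' } |          # extension keys only
        ForEach-Object {
            $ext    = $_.PSChildName
            $progId = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrEmpty($progId)) { return }  # extension not bound to a ProgId
            $flags = Get-EditFlags -ProgId $progId
            if ($null -ne $flags -and ($flags -band $FTA_OpenIsSafe) -ne 0) {
                $desc = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId" -ErrorAction SilentlyContinue).'(default)'
                [pscustomobject]@{
                    Extension   = $ext
                    ProgId      = $progId
                    Description = $desc
                    EditFlags   = ('0x{0:X8}' -f $flags)
                }
            }
        }
}

# Save this output as a baseline and diff it periodically: a newly listed extension
# means something flipped the flag, which is the tampering the post warns about.
Get-AutoOpenFileTypes | Sort-Object Extension | Format-Table -AutoSize
```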