Maybe 4 or 5 years ago there were some proof of concepts on exploits that had 
desktop.ini executing code that was in the folder it was in. I don't recall any 
use of it in the real world and I don't know if it was addressed.


> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Sent: Wednesday, June 03, 2009 9:19 PM
> To: NT System Admin Issues
> Subject: Re: Strange folder view


>   Come to think of it, I wonder if there are any security exposures
> from DESKTOP.INI.  I know it can reference a DLL to obtain a localized
> string... I wonder if it can also run code?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to