Maybe 4 or 5 years ago there were some proof of concepts on exploits that had desktop.ini executing code that was in the folder it was in. I don't recall any use of it in the real world and I don't know if it was addressed.
> -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Wednesday, June 03, 2009 9:19 PM > To: NT System Admin Issues > Subject: Re: Strange folder view > Come to think of it, I wonder if there are any security exposures > from DESKTOP.INI. I know it can reference a DLL to obtain a localized > string... I wonder if it can also run code? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
