monkfi5h
11-07-2003, 05:18 PM
http://www.zeropaid.com/news/articles/auto/10022003i.php
Is this site true?
Malicious code
There exists malicious code in ES5.exe's "Search Service" packet handler. By sending packet 0Ch, sub-function 07h to the "Search Service"'s IP:Port, a remote attacker could delete any file the user is sharing. If the remote attacker uses "filenames" with a relative path in them (eg. "..\..\..\WINDOWS\NOTEPAD.EXE"), the remote attacker could also delete files in eg. the windows and windows\system32 folders, or any other folder on the same partition as any of the shared folders. Since most users using Windows are in the Administrators group, a remote attacker could also delete the C:\BOOT.INI file which is a required boot file used by ntldr.
IMPORTANT: This is not a bug! They intentionally added this code to ES5
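The containment check that a file handler acting on peer-supplied filenames would need in order to stay inside the shared folder, as an added example that is not part of the original post or the quoted article. The shared folder path and the function names are assumptions; `ntpath` applies Windows path rules on any OS.

```python
import ntpath  # Windows path semantics, independent of the host OS
from typing import Optional

# Assumed shared folder for this example (not taken from the post).
SHARED_ROOT = r"C:\Users\alice\Shared"


def resolve_shared(requested: str, root: str = SHARED_ROOT) -> Optional[str]:
    """Return the normalized path if `requested` stays below `root`, else None.

    This is a lexical check only: it does not resolve junctions or symlinks,
    which a real handler would also have to account for.
    """
    root_norm = ntpath.normcase(ntpath.normpath(root))

    # A name carrying its own drive, UNC prefix or leading separator would
    # make join() discard `root` entirely, so refuse it up front.
    drive, tail = ntpath.splitdrive(requested)
    if drive or tail.startswith(("\\", "/")):
        return None

    # Collapse "..", "." and mixed separators before comparing.
    candidate = ntpath.normpath(ntpath.join(root, requested))
    cand_norm = ntpath.normcase(candidate)

    # Compare against root + separator so a sibling such as "Shared2"
    # does not pass a plain prefix test. The root itself is not a file.
    if not cand_norm.startswith(root_norm + "\\"):
        return None
    return candidate


def audit(names):
    """Map each peer-supplied name to True (inside the share) or False."""
    return {name: resolve_shared(name) is not None for name in names}


if __name__ == "__main__":
    # Constructed sample inputs, including the relative-path form quoted above.
    samples = [r"music\song.mp3", r"..\..\..\WINDOWS\NOTEPAD.EXE",
               r"C:\BOOT.INI", r"sub\..\..\Shared2\x.txt", "../../secret.txt"]
    for name, ok in audit(samples).items():
        print(f"{'allow' if ok else 'deny ':5} {name}")
```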