Diamond Computer Systems Security Report
==============================
VULNERABILITY: C:\Explorer.exe new autostart method
SEVERITY: Low
RELEASE DATE: Thursday Feb 15, 2001
DESCRIPTION:
Windows loads explorer.exe (typically located in the Windows directory) when it has loaded. However, if c:\explorer.exe exists it will be executed instead of the Windows explorer.exe.
THE PROBLEM:
If c:\explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot. If c:\explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes - the file just simply has to be named c:\explorer.exe
Microsoft have been notified.
--------------------------------------------------------------------------------
Publishing of this document is freely permitted providing the text is published in it's entirety and with no modifications.
Copyright (C) 2000, Diamond Computer Systems Pty. Ltd.
http://www.diamondcs.com.au