[home]
Double click danger.
By double clicking a file name from Window Explorer or Internet Explorer with familiar or innocent
extensions you may be tricked into executing arbitrary programs.
If the file extension is certain CLSID for example
testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}, Windows explorer and IE do not show the CLSID but only the .txt extension,- the above file is in fact a .hta file.
Some exploit scenarios take advantage of this by leaving malicous files on shared resources or sending them by email.
What is a CLSID?
A Class ID (CLSID) is a 128 bit number that represents a unique id for a software application or application component. Typically they are displayed like this "{AE7AB96B-FF5E-4dce-801E-14DF2C4CD681}".
What are they used for?
CLSIDs are used by Windows to identify software components without having to know their "name". They can also be used by software applications to identify a computer, file or other item.
Where do they come from?
Microsoft provides a utility (program) called GUIDGEN.EXE that generates these numbers. They are generated by using the current time, network adapter address (if present) and other items in your computer so that no two numbers will ever be the same.
Georgi Guninski
This information is compiled from various sources. All credit is due to the respective authors.
Double click danger.
By double clicking a file name from Window Explorer or Internet Explorer with familiar or innocent
extensions you may be tricked into executing arbitrary programs.
If the file extension is certain CLSID for example
testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}, Windows explorer and IE do not show the CLSID but only the .txt extension,- the above file is in fact a .hta file.
Some exploit scenarios take advantage of this by leaving malicous files on shared resources or sending them by email.
What is a CLSID?
A Class ID (CLSID) is a 128 bit number that represents a unique id for a software application or application component. Typically they are displayed like this "{AE7AB96B-FF5E-4dce-801E-14DF2C4CD681}".
What are they used for?
CLSIDs are used by Windows to identify software components without having to know their "name". They can also be used by software applications to identify a computer, file or other item.
Where do they come from?
Microsoft provides a utility (program) called GUIDGEN.EXE that generates these numbers. They are generated by using the current time, network adapter address (if present) and other items in your computer so that no two numbers will ever be the same.
Georgi Guninski
This information is compiled from various sources. All credit is due to the respective authors.