Certain Files Can Be Renamed and Executed

Executables renamed as .xxx files run as executable from command line. Executables can be renamed with any extension and run from the command prompt or batch file. Subverts filtering/download control by filename extension.

Also executables without a filename extension can be started from the command prompt or batch file, as NT will try to run the file as .COM, .EXE, .CMD, or .BAT in that order.

This leaves room for a potential trojan to be introduced into the system.

NT Versions Affected:

3.5?, 3.51?, 4.0