This affects virtual every Win2k/XP versions, incuding SP2!

Simple page below can place malicious prgram into your startup folder.
It did not work for myself, but there are ppl out there reporting this page does work online. It worked on my windows when i donwloaded the page and load it into IE locally.

http://www.malware.com/wattadrag.html

So to answer previous thread related to SP2, no thx, still crap :)

edit: IE only ;)

Does not work for me :D Using firefox ^^

Didn't work for me either on SP2 + IE. I haven't tried it locally...

it opened my startup folder, but didn't place anything in it (i couldn't drag the little thingy).

i'm using mozilla 1.6 btw.

Slogra:
Try Copy and paste, appearantly that works most of the time.
Also noticeable is that there are mixed results with this. I am not sure what exact reason causes this.
My guess has something todo with IE security settings.


Mug Funky:
This fault only works with IE. This is due to the tight integration between windows explorer and Internet explorer. Appearantly they are both responding to 'shell:Startup' as a parameter.
This woulnd be a problem for windows explorer, but hardly to justify for IE. It is like sharing your startup folder with the rest of the world.

Can i put M$ liable if i put some mp3 in that folder and got suit by the music industry ;)

edit:
Got an little movie showing the bug at
http://users.telenet.be/bugged/Malware%20Demo.avi