Re: Winnt/Win2k Vuln ?

From: Mike Duncan (securityat_private)
Date: Thu Aug 09 2001 - 11:26:22 PDT

  • Next message: Thiago Campos: "Re:Winnt/Win2k Vuln ?"

    > - copy autoexec.bat to ..\desktop
    > - rename autoexec.bat to www.google.com (can be any url)
    > - then go to IE and type "www.google.com"
    > - your batch file is then ran
    
    Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). 
    Actually IE tried to download the www.google.com file probably because of
    the '.com' extension. I also went to START/RUN and typed in www.google.com
    and it tried to run it too (actually giving me an error about it was not a
    vaild Win32 App).
    
    -- 
    Mike Duncan
    securityat_private
    http://www.randomtask.net
    
    "This is what happens when parents make 
    their kids play with dried up Play-Doh."
                                  - Tim Mullen
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:18:07 PDT