Re: Winnt/Win2k Vuln ?

From: Mike Duncan (securityat_private)
Date: Thu Aug 09 2001 - 11:26:22 PDT

Next message: Thiago Campos: "Re:Winnt/Win2k Vuln ?"

Previous message: Gary V.Vaughan: "Re: [Fwd: Re: m4 and format strings]"
In reply to: Red Pantz: "Winnt/Win2k Vuln ?"
Next in thread: Jeremy Rodriguez: "RE: Winnt/Win2k Vuln ?"
Next in thread: Thiago Campos: "Re:Winnt/Win2k Vuln ?"
Reply: Jeremy Rodriguez: "RE: Winnt/Win2k Vuln ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> - copy autoexec.bat to ..\desktop
> - rename autoexec.bat to www.google.com (can be any url)
> - then go to IE and type "www.google.com"
> - your batch file is then ran

Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). 
Actually IE tried to download the www.google.com file probably because of
the '.com' extension. I also went to START/RUN and typed in www.google.com
and it tried to run it too (actually giving me an error about it was not a
vaild Win32 App).

-- 
Mike Duncan
securityat_private
http://www.randomtask.net

"This is what happens when parents make 
their kids play with dried up Play-Doh."
                              - Tim Mullen

Next message: Thiago Campos: "Re:Winnt/Win2k Vuln ?"
Previous message: Gary V.Vaughan: "Re: [Fwd: Re: m4 and format strings]"
In reply to: Red Pantz: "Winnt/Win2k Vuln ?"
Next in thread: Jeremy Rodriguez: "RE: Winnt/Win2k Vuln ?"
Next in thread: Thiago Campos: "Re:Winnt/Win2k Vuln ?"
Reply: Jeremy Rodriguez: "RE: Winnt/Win2k Vuln ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:18:07 PDT