Re: Winnt/Win2k Vuln ?

From: Vulnerability Development (vulndevat_private)
Date: Fri Aug 10 2001 - 10:31:09 PDT

  • Next message: sween: "Re: Winnt/Win2k Vuln ?"

    On Wed, 8 Aug 2001, Red Pantz wrote:
    
    > Hello all, 
    > 
    > I have found that if you name a file (can be any data file) a certain URL, on your desktop, and then g0 to IE and type that url, the web site will not come up, only the program that was named the certain.confusing? 
    > 
    > i.e.
    > 
    > - copy autoexec.bat to ..\desktop
    > - rename autoexec.bat to www.google.com (can be any url)
    > - then go to IE and type "www.google.com"
    > - your batch file is then ran
    > 
    
    This is because Windows (or IE) associated the .com extension with 16 bit
    windows binaries (like command.com and all the old DOS stuff).  If you
    rename a .bat file to .com it does not run correctly.
    
    I created a file www.google.com containing the line...
    echo This is a test > c:\data
    
    When I ran this from the browser it failed with a 16 bit MS-DOS subsystem
    error (illegal instruction). To make this work, you would need to create a
    .com binary file.  You might be able to use the old exe2bin utility.
    
    Dave Taylor
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:39:19 PDT