Re: Winnt/Win2k Vuln ?

From: sween (sweenat_private)
Date: Fri Aug 10 2001 - 07:29:03 PDT

  • Next message: Thorat_private: "Re: CR II - winME? confirmation? (Slightly OT)"

    yep.  Windows 95b, IE5 produces :
    
    www
    This program has performed an illegal operation...
    
    I renamed a text file www.google.com to www.google.com.exe and got a
    MICRO~ command window and an illegal operation dialog.
    
    I know, ancient platorm... but verified.
    
    On Wed, 8 Aug 2001, Red Pantz wrote:
    
    > Hello all, 
    > 
    > I have found that if you name a file (can be any data file) a certain URL, on your desktop, and then g0 to IE and type that url, the web site will not come up, only the program that was named the certain.confusing? 
    > 
    > i.e.
    > 
    > - copy autoexec.bat to ..\desktop
    > - rename autoexec.bat to www.google.com (can be any url)
    > - then go to IE and type "www.google.com"
    > - your batch file is then ran
    > 
    > a few issues i have w/ this is:
    > 
    > - the prog will only run if it is on your desktop
    > - if you type "http://www.google.com", for example
    >   it will not run(unless u name your file the same thing)
    > - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
    > - it doesn't seem to have any privelage escalation (all progs are run as the current user logged on)
    > 
    > Just want a few others to try it and see wut they think
    > 
    > thanx alot
    > redpantz
    > 
    > ------------------------------------------------------------
    > [- Get your own free e-mail @ http://www.crackdealer.com -]
    > 
    > 
    
    
    --
    
     ---  -sween                               
    | M | http://www.modelm.org                 
     ---  "force feedback computing since 1984."
    <meta name="MSSmartTagsPreventParsing" content="TRUE">
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:39:34 PDT