RE: Winnt/Win2k Vuln ?

From: Jeremy Rodriguez (jrodriguez@intellinet-tech.com)
Date: Fri Aug 10 2001 - 11:33:03 PDT


    Regular users have read, read and execute permissions.
    Is the significance that the autoexec.bat can be altered and then run?
    How is this possible without write permissions?
    If one can alter it, then it could be exploited.
    
    -----Original Message-----
    From: Mike Duncan [mailto:securityat_private]
    Sent: Thursday, August 09, 2001 2:26 PM
    To: Red Pantz
    Cc: vuln-devat_private
    Subject: Re: Winnt/Win2k Vuln ?
    
    
    > - copy autoexec.bat to ..\desktop
    > - rename autoexec.bat to www.google.com (can be any url)
    > - then go to IE and type "www.google.com"
    > - your batch file is then run
    
    Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). 
    Actually IE tried to download the www.google.com file probably because of
    the '.com' extension. I also went to START/RUN and typed in www.google.com
    and it tried to run it too (actually giving me an error about it was not a
    valid Win32 App).
    
    -- 
    Mike Duncan
    securityat_private
    http://www.randomtask.net
    
    "This is what happens when parents make 
    their kids play with dried up Play-Doh."
                                  - Tim Mullen
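
A defender-side check for the condition reported in this thread, added here as an example and not part of the original messages: it flags files whose names read as hostnames but end in the executable `.com` extension, and notes whether each begins with an `MZ` header. The function names, the hostname pattern and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Hostname-shaped name: two or more dot-separated labels, e.g. "www.google.com".
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)
# Assumption: only ".com" is checked, since it is both a common TLD and a
# DOS/Windows executable extension (the case reported in this thread).
AMBIGUOUS_EXT = ".com"


def looks_like_url_named_executable(filename):
    """True if a file name reads as a hostname and ends in .com."""
    name = filename.lower()
    return name.endswith(AMBIGUOUS_EXT) and bool(HOSTNAME_RE.match(name))


def scan_directory(path):
    """Return sorted (name, has_mz_header) pairs for flagged files in path."""
    findings = []
    for entry in os.scandir(path):
        if entry.is_file() and looks_like_url_named_executable(entry.name):
            with open(entry.path, "rb") as fh:
                has_mz = fh.read(2) == b"MZ"  # EXE/PE images start with "MZ"
            findings.append((entry.name, has_mz))
    return sorted(findings)


def demo():
    """Run the scan over a constructed directory standing in for a desktop."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # all contents below are constructed sample data
            "www.google.com": b"@echo off\r\n",   # renamed batch file
            "www.example.com": b"MZ\x90\x00",     # EXE-style header
            "autoexec.bat": b"@echo off\r\n",
            "notes.txt": b"hello",
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_directory(d)


if __name__ == "__main__":
    for name, has_mz in demo():
        print(name, "MZ header" if has_mz else "no MZ header")
```

A flagged file without an `MZ` header matches the renamed batch file described above, which produced the "not a valid Win32 App" error when launched from START/RUN.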
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:49:19 PDT