Regular users have read, read and execute permissions. Is the significance, that the autoexec.bat can be altered and then ran? How is this possible without write permissions? If one can alter it, then it could be exploited. -----Original Message----- From: Mike Duncan [mailto:securityat_private] Sent: Thursday, August 09, 2001 2:26 PM To: Red Pantz Cc: vuln-devat_private Subject: Re: Winnt/Win2k Vuln ? > - copy autoexec.bat to ..\desktop > - rename autoexec.bat to www.google.com (can be any url) > - then go to IE and type "www.google.com" > - your batch file is then ran Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). Actually IE tried to download the www.google.com file probably because of the '.com' extension. I also went to START/RUN and typed in www.google.com and it tried to run it too (actually giving me an error about it was not a vaild Win32 App). -- Mike Duncan securityat_private http://www.randomtask.net "This is what happens when parents make their kids play with dried up Play-Doh." - Tim Mullen
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:49:19 PDT