Re: Winnt/Win2k Vuln ?

From: Rio Martin. (rootat_private)
Date: Thu Aug 09 2001 - 19:59:05 PDT


    I could confirm this, as long as you put an executable file on the desktop, then
    you will be able to open it. Extension .BAT won't run. Only .COM will run.
    I also tried to rename the file to www.somekind.org and it just shows the "Open
    With ..." window.
    
    Regards,
    Rio Martin.
    http://marsud.org/
    
    
    
    "Red Pantz" <redpantzat_private> wrote something like this:
    > Hello all,
    > I have found that if you name a file (can be any data file) a certain URL,
    > on your desktop, and then go to IE and type that url, the web site will not
    > come up, only the program that was named the certain. confusing?
    > i.e.
    > - copy autoexec.bat to ..\desktop
    > - rename autoexec.bat to www.google.com (can be any url)
    > - then go to IE and type "www.google.com"
    > - your batch file is then run
    > a few issues i have w/ this is:
    > - the prog will only run if it is on your desktop
    > - if you type "http://www.google.com", for example
    >   it will not run(unless u name your file the same thing)
    > - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
    > - it doesn't seem to have any privilege escalation (all progs are run as
    > the current user logged on)
    > Just want a few others to try it and see wut they think
    > thanx a lot
    > redpantz
    >
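
A defender-side audit of the behaviour discussed in this thread, added here as an example that is not from either poster: it lists files in a Desktop folder whose names have the shape of a host name and marks those ending in .com, which Windows also treats as an executable file extension. The TLD list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Illustrative TLD sample (an assumption; extend for real use).
TLDS = {"com", "org", "net", "edu", "gov"}
# Of those, ".com" is also an executable file extension on Windows.
EXECUTABLE_TLDS = {"com"}
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)


def looks_like_hostname(name):
    """True if a file name has the shape of a host name such as www.google.com."""
    labels = name.lower().split(".")
    return (len(labels) >= 2 and labels[-1] in TLDS
            and all(LABEL.match(label) for label in labels))


def audit_desktop(desktop):
    """Return sorted (file name, finding) pairs for host-name-shaped files."""
    findings = []
    for entry in Path(desktop).iterdir():
        if not entry.is_file() or not looks_like_hostname(entry.name):
            continue
        tld = entry.name.lower().rsplit(".", 1)[1]
        kind = "executable-extension" if tld in EXECUTABLE_TLDS else "url-shaped-name"
        findings.append((entry.name, kind))
    return sorted(findings)


def demo():
    """Run the audit over a constructed directory standing in for a Desktop."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample files; names taken from the thread plus one control.
        for name in ("www.google.com", "www.somekind.org", "autoexec.bat", "notes.txt"):
            (Path(tmp) / name).write_text("constructed sample\n")
        return audit_desktop(tmp)


if __name__ == "__main__":
    for name, kind in demo():
        print(f"{kind:22} {name}")
```

Pointing `audit_desktop` at a real profile's Desktop directory gives the same report for live data.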
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:00:53 PDT