Re: Winnt/Win2k Vuln ?

From: martin.goudreaultat_private
Date: Fri Aug 10 2001 - 03:12:34 PDT

  • Next message: Thomas Reagan: "RE: Winnt/Win2k Vuln ?"

    Scarry...
    
    I tried it with Win2K SP2 and it works! Also, tried it with a exec file (renamed
    to WWW.TEST.COM) and the file executed no questions asked! Tried it with a valid
    (and verified) URL name (www.novell.com) and guess what? Same results!
    
    Can potentially be harmful.
    
    Martin Goudreault
    Senior Systems Support
    Bombardier - AeroSpace
    St-Laurent, Qc, Canada
    514-855-5001 x55488
    
    
    
    
    
    "Red Pantz" <redpantzat_private> on 08/08/2001 05:17:40 PM
    
    To:   vuln-devat_private
    cc:    (bcc: Martin Goudreault/Canadair/Bombardier)
    Subject:  Winnt/Win2k Vuln ?
    
    
    
    Hello all,
    
    I have found that if you name a file (can be any data file) a certain URL, on
    your desktop, and then g0 to IE and type that url, the web site will not come
    up, only the program that was named the certain.confusing?
    
    i.e.
    
    - copy autoexec.bat to ..\desktop
    - rename autoexec.bat to www.google.com (can be any url)
    - then go to IE and type "www.google.com"
    - your batch file is then ran
    
    a few issues i have w/ this is:
    
    - the prog will only run if it is on your desktop
    - if you type "http://www.google.com", for example
      it will not run(unless u name your file the same thing)
    - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
    - it doesn't seem to have any privelage escalation (all progs are run as the
    current user logged on)
    
    Just want a few others to try it and see wut they think
    
    thanx alot
    redpantz
    
    ------------------------------------------------------------
    [- Get your own free e-mail @ http://www.crackdealer.com -]
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:10:14 PDT