('binary' encoding is not supported, stored as-is) Jeremy, This is not case specific. You can run (almost) any file of your chosing. And the file being executed runs only w/ the permission that are already supplied for the user (so far ;) ) > "Jeremy Rodriguez" <jrodriguez@intellinet-tech.com>Cc: <vuln-devat_private> > RE: Winnt/Win2k Vuln ?Date: Fri, 10 Aug 2001 14:33:03 -0400 > >Regular users have read, read and execute permissions. >Is the significance, that the autoexec.bat can be altered and then ran? >How is this possible without write permissions? >If one can alter it, then it could be exploited. > >-----Original Message----- >From: Mike Duncan [mailto:securityat_private] >Sent: Thursday, August 09, 2001 2:26 PM >To: Red Pantz >Cc: vuln-devat_private >Subject: Re: Winnt/Win2k Vuln ? > > >> - copy autoexec.bat to ..\desktop >> - rename autoexec.bat to www.google.com (can be any url) >> - then go to IE and type "www.google.com" >> - your batch file is then ran > >Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). >Actually IE tried to download the www.google.com file probably because of >the '.com' extension. I also went to START/RUN and typed in www.google.com >and it tried to run it too (actually giving me an error about it was not a >vaild Win32 App). > >-- >Mike Duncan >securityat_private >http://www.randomtask.net > >"This is what happens when parents make >their kids play with dried up Play-Doh." > - Tim Mullen ------------------------------------------------------------ [- Get your own free e-mail @ http://www.crackdealer.com -]
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 08:52:08 PDT