Full Disclosure mailing list archives

Re: Window's O/S

From: "Marek Isalski" <Marek.Isalski () smuht nwest nhs uk>
Date: Thu, 24 Nov 2005 12:50:32 +0000

create an folder on deskop and name it as "notepad".
open internet explorer > go to view > source code > this will open the
contents of notepad folder....!!

Even better: rename any exe to notepad.exe ;)


Is this IE being so stupid as to run with a CWD of Desktop and effectively doing a system("notepad")?

That'd explain explorer opening up folders called Notepad, and .exe files being run.  Bet it also works on MS Word 
documents (without a .doc extension, probably), and any other magically executable file...

Certainly cmd.exe as notepad on the desktop suggests the CWD is your Desktop (so presumably IE's CWD is also Desktop).

Are there any other external apps IE is stupid enough to run without a full path prefix?  That could be fun too!  :-)



-------------------------------------------------------------
This message has been scanned for all viruses by Sophos Sweep
<<<<GWAVAsig>>>>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Window's O/S, (continued)
- Re: Window's O/S pagvac (Nov 24)
  - Re: Window's O/S indianz (Nov 24)
- RE: Window's O/S Cassidy Macfarlane (Nov 24)
  - Re: Window's O/S Greg (Nov 24)
    - Re: Window's O/S Brian Dessent (Nov 24)
  - Re: Window's O/S Brian Dessent (Nov 24)
    - Re: Window's O/S Andres Tarasco (Nov 24)
- RE: Window's O/S Haaland, Vegar Linge (Nov 24)
- RE: Window's O/S Fielder, Kevin (GE Consumer Finance) (Nov 24)
  - Re: Window's O/S Stuart Dunkeld (Nov 24)
- Re: Window's O/S Marek Isalski (Nov 24)
  - Re: Window's O/S Dave Korn (Nov 24)
    - Re: Re: Window's O/S Gilles DEMARTY (Nov 24)
  - RE: Window's O/S Aditya Deshmukh (Nov 24)
- Window's O/S houser (Nov 24)
- RE: Window's O/S Cassidy Macfarlane (Nov 25)
- Re: Window's O/S Peter Ferrie (Nov 25)