Vulnerability Development mailing list archives
Re: Winnt/Win2k Vuln ?
From: Felipe Franciosi <ozzy () paradoxo org>
Date: Fri, 10 Aug 2001 10:27:40 -0300
Hi, My quick analysis: If you type something on the location bar of explorer, it will try to execute it if it's in the windows desktop. The file was executed only because the extension was .COM... if you try .BR or .ORG, for example, explorer will ask you which program to use. tested on windows 98 with exploder version 5.50.4522.1800 Best Regards, Felipe
Hello all, I have found that if you name a file (can be any data file) a certain URL, on your desktop, and then g0 to IE and type that url, the web site will not come up, only the program that was named the certain.confusing? i.e. - copy autoexec.bat to ..\desktop - rename autoexec.bat to www.google.com (can be any url) - then go to IE and type "www.google.com" - your batch file is then ran a few issues i have w/ this is: - the prog will only run if it is on your desktop - if you type "http://www.google.com", for example it will not run(unless u name your file the same thing) - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5 - it doesn't seem to have any privelage escalation (all progs are run as the current user logged on) Just want a few others to try it and see wut they think thanx alot redpantz ------------------------------------------------------------ [- Get your own free e-mail @ http://www.crackdealer.com -]
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Felipe Franciosi paradoxo networking ozzy () paradoxo org http://www.paradoxo.org Porto Alegre - RS Fone: (51) 9806 7387 UIN - 33596050 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Current thread:
- Winnt/Win2k Vuln ? Red Pantz (Aug 09)
- Re: Winnt/Win2k Vuln ? Mike Duncan (Aug 10)
- RE: Winnt/Win2k Vuln ? Jeremy Rodriguez (Aug 10)
- Re: Winnt/Win2k Vuln ? Enrique A. CompaƱ Gzz. (Aug 10)
- RE: Winnt/Win2k Vuln ? Thomas Reagan (Aug 10)
- Re: Winnt/Win2k Vuln ? Thor (Aug 10)
- RE: Winnt/Win2k Vuln ? Thomas Reagan (Aug 10)
- Re: Winnt/Win2k Vuln ? Felipe Franciosi (Aug 10)
- Re: Winnt/Win2k Vuln ? sween (Aug 10)
- Re: Winnt/Win2k Vuln ? Vulnerability Development (Aug 10)
- Re: Winnt/Win2k Vuln ? Kaneda Akira (Aug 10)
- Re: Winnt/Win2k Vuln ? Rio Martin. (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? Fab Siciliano (Aug 10)
- Re: Winnt/Win2k Vuln ? sween (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? J.D. Meek (Aug 10)
- Re: Winnt/Win2k Vuln ? Kaneda Akira (Aug 11)
- Re: Winnt/Win2k Vuln ? Mike Duncan (Aug 10)
- <Possible follow-ups>
- Re:Winnt/Win2k Vuln ? Thiago Campos (Aug 10)