Re: Winnt/Win2k Vuln ?

[sween <sween () modelm org>]

yep.  Windows 95b, IE5 produces :

www
This program has performed an illegal operation...

I renamed a text file www.google.com to www.google.com.exe and got a
MICRO~ command window and an illegal operation dialog.

I know, ancient platorm... but verified.

On Wed, 8 Aug 2001, Red Pantz wrote:

> Hello all, 
>
> I have found that if you name a file (can be any data file) a certain URL, on your desktop, and then g0 to IE and 
> type that url, the web site will not come up, only the program that was named the certain.confusing? 
>
> i.e.
>
> - copy autoexec.bat to ..\desktop
> - rename autoexec.bat to www.google.com (can be any url)
> - then go to IE and type "www.google.com"
> - your batch file is then ran
>
> a few issues i have w/ this is:
>
> - the prog will only run if it is on your desktop
> - if you type "http://www.google.com";, for example
>   it will not run(unless u name your file the same thing)
> - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
> - it doesn't seem to have any privelage escalation (all progs are run as the current user logged on)
>
> Just want a few others to try it and see wut they think
>
> thanx alot
> redpantz
>
> ------------------------------------------------------------
> [- Get your own free e-mail @ http://www.crackdealer.com -]


--

 ---  -sween                               
| M | http://www.modelm.org                 
 ---  "force feedback computing since 1984."
<meta name="MSSmartTagsPreventParsing" content="TRUE">