[Full-disclosure] Re: Window's O/S

From: Dave Korn (davek_throwaway_at_hotmail.com)
Date: 11/24/05

  • Next message: Dude VanWinkle: "Re: [Full-disclosure] Return of the Phrack High Council"
    To: full-disclosure@lists.grok.org.uk
    Date: Thu, 24 Nov 2005 14:58:54 -0000

    Marek Isalski wrote in news:s385b72e.070@mail.smuht.nwest.nhs.uk
    >>> create a folder on desktop and name it as "notepad".
    >>> open internet explorer > go to view > source code > this will open the
    >>> contents of notepad folder....!!
    >> Even better: rename any exe to notepad.exe ;)
    > Is this IE being so stupid as to run with a CWD of Desktop and
    > effectively doing a system("notepad")?


    > That'd explain explorer opening up folders called Notepad, and .exe files
    > being run. Bet it also works on MS Word documents (without a .doc
    > extension, probably), and any other magically executable file...
    > Certainly cmd.exe as notepad on the desktop suggests the CWD is your
    > Desktop (so presumably IE's CWD is also Desktop).

      Yep. You can't see that it's the cwd, but process explorer will show you
    it has a handle to desktop open.

    > Are there any other external apps IE is stupid enough to run without a
    > full path prefix? That could be fun too! :-)

      Dunno, but I'll tell you something I spotted the other day.

      Copy calc.exe to the root of your C:\ drive, and rename it to

      Fire up a recently-updated RealPlayer. Watch two instances of calc.exe
    appear. Close RealPlayer again. Watch two more instances of calc.exe

      Another un-quoted path with spaces in it. Phj33r!


    Can't think of a witty .sigline today.... 
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
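
    The two issues discussed in this message (a bare "notepad" resolved relative to the working directory, and an un-quoted path with spaces) can be checked for in launch strings. The following is an added example, not part of the original post: it follows the documented CreateProcess parsing of an un-quoted command line, and the function names, the EXEC_EXTS set and the sample paths are constructed for illustration.

```python
import ntpath

# Assumption: extensions treated as "the program the author meant to start".
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd"}

def candidate_paths(command_line):
    """Paths tried, in order, when a command line is handed to CreateProcess
    with lpApplicationName NULL: a quoted name is taken as is, an un-quoted
    one is re-parsed at every space, with .exe appended if no extension."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return [s[1:end] if end != -1 else s[1:]]
    out, parts = [], s.split(" ")
    for i in range(1, len(parts) + 1):
        if not parts[i - 1]:              # skip runs of spaces
            continue
        prefix = " ".join(parts[:i])
        ext = ntpath.splitext(prefix)[1].lower()
        if ext in EXEC_EXTS:              # reached the intended program
            out.append(prefix)
            break
        out.append(prefix if ext else prefix + ".exe")
    return out

def audit(command_line):
    """Return what a reviewer should flag for one launch string."""
    cands = candidate_paths(command_line)
    return {
        # Paths that are tried before the intended program is reached.
        "tried_first": cands[:-1],
        # No drive and directory: resolved through the search order,
        # which includes the process's current directory.
        "relative": not ntpath.isabs(cands[0]),
    }

if __name__ == "__main__":
    samples = [                            # constructed inputs
        r'C:\Acme Tools\Media Player\update.exe /silent',
        r'"C:\Acme Tools\Media Player\update.exe" /silent',
        'notepad',
    ]
    for s in samples:
        print(s, "->", audit(s))
```

    Launch strings that come back with an empty "tried_first" list and "relative" false are the ones written the safe way: quoted and fully qualified.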
