Re: [Full-disclosure] Re: Window's O/S

From: Gilles DEMARTY (gilles.demarty_at_gmail.com)
Date: 11/24/05

  • Next message: Phrack High Council: "Re: [Full-disclosure] Re: FD list"
    Date: Thu, 24 Nov 2005 17:40:22 +0100
    To: full-disclosure@lists.grok.org.uk
    
    

    hi list,

    you can workaround this 'problem' and protect yourself against an
    intruder, by patching your registry file :

    (Do it at your own risks : )

    HKLM\SOFTWARE\Microsoft\Internet Explorer\View Source Editor\Editor Name

    and set the default key to 'c:\windows\notepad.exe' (or any editor you
    wanna use, providing the full path).

    Gilles

    2005/11/24, Dave Korn <davek_throwaway@hotmail.com>:
    > Marek Isalski wrote in news:s385b72e.070@mail.smuht.nwest.nhs.uk
    > >>> create an folder on deskop and name it as "notepad".
    > >>> open internet explorer > go to view > source code > this will open the
    > >>> contents of notepad folder....!!
    > >> Even better: rename any exe to notepad.exe ;)
    > >
    > > Is this IE being so stupid as to run with a CWD of Desktop and
    > > effectively doing a system("notepad")?
    >
    > Yep.
    >
    > > That'd explain explorer opening up folders called Notepad, and .exe files
    > > being run. Bet it also works on MS Word documents (without a .doc
    > > extension, probably), and any other magically executable file...
    > >
    > > Certainly cmd.exe as notepad on the desktop suggests the CWD is your
    > > Desktop (so presumably IE's CWD is also Desktop).
    >
    > Yep. You can't see that it's the cwd, but process explorer will show you
    > it has a handle to desktop open.
    >
    > > Are there any other external apps IE is stupid enough to run without a
    > > full path prefix? That could be fun too! :-)
    >
    > Dunno, but I'll tell you something I spotted the other day.
    >
    > Copy calc.exe to the root of your C:\ drive, and rename it to
    > "Program.exe".
    >
    > Fire up a recently-updated RealPlayer. Watch two instances of calc.exe
    > appear. Close RealPlayer again. Watch two more instances of calc.exe
    > appear.
    >
    > Another un-quoted path with spaces in it. Phj33r!
    >
    > cheers,
    > DaveK
    > --
    > Can't think of a witty .sigline today....
    >
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    > Hosted and sponsored by Secunia - http://secunia.com/
    >
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Phrack High Council: "Re: [Full-disclosure] Re: FD list"

    Relevant Pages

    • [Full-disclosure] Re: Windows O/S
      ... > extension, probably), and any other magically executable file... ... > Certainly cmd.exe as notepad on the desktop suggests the CWD is your ... Fire up a recently-updated RealPlayer. ... Watch two more instances of calc.exe ...
      (Full-Disclosure)
    • RE: [Full-disclosure] Windows O/S
      ... > Is this IE being so stupid as to run with a CWD of Desktop ... > and .exe files being run. ... > Certainly cmd.exe as notepad on the desktop suggests the CWD ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Windows O/S
      ... Is this IE being so stupid as to run with a CWD of Desktop and effectively doing a system? ... Certainly cmd.exe as notepad on the desktop suggests the CWD is your Desktop. ... Hosted and sponsored by Secunia - http://secunia.com/ ...
      (Full-Disclosure)