Re: Winnt/Win2k Vuln ?

From: Felipe Franciosi (ozzy@paradoxo.org)
Date: 08/10/01


Date: Fri, 10 Aug 2001 10:27:40 -0300
From: Felipe Franciosi <ozzy@paradoxo.org>
To: vuln-dev@securityfocus.com
Subject: Re: Winnt/Win2k Vuln ?
Message-Id: <20010810102656.7ACD.OZZY@paradoxo.org>

Hi,

My quick analysis:

If you type something on the location bar of explorer, it will try to
execute it if it's in the windows desktop.

The file was executed only because the extension was .COM... if you
try .BR or .ORG, for example, explorer will ask you which program to
use.

tested on windows 98 with exploder version 5.50.4522.1800

Best Regards,
Felipe

> Hello all,
>
> I have found that if you name a file (can be any data file) a certain URL, on your desktop, and then go to IE and type that url, the web site will not come up, only the program that was named the certain. Confusing?
>
> i.e.
>
> - copy autoexec.bat to ..\desktop
> - rename autoexec.bat to www.google.com (can be any url)
> - then go to IE and type "www.google.com"
> - your batch file is then run
>
> a few issues i have w/ this is:
>
> - the prog will only run if it is on your desktop
> - if you type "http://www.google.com", for example
> it will not run (unless u name your file the same thing)
> - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
> - it doesn't seem to have any privilege escalation (all progs are run as the current user logged on)
>
> Just want a few others to try it and see wut they think
>
> thanx alot
> redpantz

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Felipe Franciosi        paradoxo networking
 ozzy@paradoxo.org
 http://www.paradoxo.org   Porto Alegre - RS
 Fone: (51) 9806 7387         UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
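
An added example, not part of either message: a defender-side check that lists desktop files whose names look like hostnames and sorts them by the behaviour reported in this thread (.COM ran directly, .BR and .ORG made Explorer ask for a program). The function names and the extension sets are assumptions built only from those two observations.

```python
import re
import sys
from pathlib import Path

# From the thread: .COM ran directly; .BR and .ORG made Explorer ask for a program.
RUNS_DIRECTLY = {"com"}
ASKS_FOR_PROGRAM = {"br", "org"}

# Dot-separated host labels followed by an alphabetic final label (the "TLD",
# which Windows treats as the file extension). Scheme and path characters such
# as ':' and '/' cannot match, mirroring the "http://..." case in the thread.
HOSTLIKE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+([a-z]{2,})$", re.I)


def classify(filename):
    """Return 'executes', 'prompts' or None for one desktop file name."""
    match = HOSTLIKE.match(filename)
    if not match:
        return None
    ext = match.group(1).lower()
    if ext in RUNS_DIRECTLY:
        return "executes"
    if ext in ASKS_FOR_PROGRAM:
        return "prompts"
    return None  # e.g. autoexec.bat: dotted, but not a hostname look-alike


def scan_desktop(desktop):
    """List (name, verdict) for regular files in `desktop` that look like hostnames."""
    findings = []
    for entry in sorted(Path(desktop).iterdir()):
        verdict = classify(entry.name) if entry.is_file() else None
        if verdict:
            findings.append((entry.name, verdict))
    return findings


if __name__ == "__main__":
    # Usage: python scan_desktop.py <path-to-desktop-folder>
    for name, verdict in scan_desktop(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:9} {name}")
```

Legitimate DOS programs with a .COM extension are reported as well, since by the behaviour described above they would be launched the same way.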


