Re: Winnt/Win2k Vuln ?

From: J.D. Meek (jdmeek@edgenet.com)
Date: 08/10/01 

Message-ID: <3B743E3B.238043E8@edgenet.com>
Date: Fri, 10 Aug 2001 15:04:11 -0500
From: "J.D. Meek" <jdmeek@edgenet.com>
To: "Rio Martin." <root@vbme.net>
Subject: Re: Winnt/Win2k Vuln ?

Works on Win2k SP2 as well. This could cause some mischief. ;-}

J.D.

"Rio Martin." wrote:

> I could confirm this, as long as you put executeable file in desktop, then
> you will be able to open it. Extension .BAT wont run. Only .COM will run.
> I also try to rename the file to www.somekind.org and it just showing "Open
> With ..." window.
>
> Regards,
> Rio Martin.
> http://marsud.org/
>
> _
> "Red Pantz" <redpantz@crackdealer.com> wrote something like this:
> > Hello all,
> > I have found that if you name a file (can be any data file) a certain URL,
> on your desktop, and then g0 to IE and type that url, the web site will not
> come up, only the program that was named the certain.confusing?
> > i.e.
> > - copy autoexec.bat to ..\desktop
> > - rename autoexec.bat to www.google.com (can be any url)
> > - then go to IE and type "www.google.com"
> > - your batch file is then ran
> > a few issues i have w/ this is:
> > - the prog will only run if it is on your desktop
> > - if you type "http://www.google.com", for example
> > it will not run(unless u name your file the same thing)
> > - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
> > - it doesn't seem to have any privelage escalation (all progs are run as
> the current user logged on)
> > Just want a few others to try it and see wut they think
> > thanx alot
> > redpantz
> >