Re: Rather large MSIE-hole

From: Paul D. Campbell (antihero@sig9.com)
Date: 03/14/02


From: "Paul D. Campbell" <antihero@sig9.com>
Date: Thu, 14 Mar 2002 11:08:36 -0800
To: vuln-dev@securityfocus.com


> Could you not create a batch file that housed the commands you wanted
> to run (with args) and just run the batch file?
> I apologise if someone has already addressed this.
>
> -Eric

You would probably be able to do this. However, you would first need
to place the batch file on the target machine. Then you would have to
sit around and hope the user visits your malicious site. Though, if
you have the capability to write to someone's hard drive you could do
something much nastier than this :)

Paul


