Vulnerability Development mailing list archives

Re: Winnt/Win2k Vuln ?


From: "Meritt James" <meritt_james () bah com>
Date: Fri, 10 Aug 2001 15:15:36 -0400

Think that is scary?  I cannot state about the current browser, but
previous versions bypassed a lot of the NT security features.  Happens
when the browser is made an integral part of the OS - but for legal
reasons and with apparently little concern for security ones.

martin.goudreault () notes canadair ca wrote:

Scary...

I tried it with Win2K SP2 and it works! Also, tried it with an exec file (renamed
to WWW.TEST.COM) and the file executed no questions asked! Tried it with a valid
(and verified) URL name (www.novell.com) and guess what? Same results!

Can potentially be harmful.

Martin Goudreault
Senior Systems Support
Bombardier - AeroSpace
St-Laurent, Qc, Canada
514-855-5001 x55488

"Red Pantz" <redpantz () crackdealer com> on 08/08/2001 05:17:40 PM

To:   vuln-dev () securityfocus com
cc:    (bcc: Martin Goudreault/Canadair/Bombardier)
Subject:  Winnt/Win2k Vuln ?

Hello all,

I have found that if you name a file (can be any data file) a certain URL, on
your desktop, and then go to IE and type that url, the web site will not come
up, only the program that was named the certain. Confusing?

i.e.

- copy autoexec.bat to ..\desktop
- rename autoexec.bat to www.google.com (can be any url)
- then go to IE and type "www.google.com"
- your batch file is then run

a few issues i have w/ this is:

- the prog will only run if it is on your desktop
- if you type "http://www.google.com", for example
  it will not run (unless u name your file the same thing)
- it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
- it doesn't seem to have any privilege escalation (all progs are run as the
current user logged on)

Just want a few others to try it and see wut they think

thanx alot
redpantz


-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566
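
A defender-side check for the behaviour reported in this thread, as an added example that is not part of the original messages: it lists files in a directory (the Desktop, per the report) whose names look like a typed web address. The hostname heuristic, the TLD list and the function names are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Assumed heuristic (not from the thread): a file name "looks like" a typed
# web address when it consists of dot-separated DNS labels and either starts
# with "www." or ends in one of these TLDs. The list is illustrative only.
# Genuine .COM programs match too, so treat hits as items to review.
COMMON_TLDS = {"com", "net", "org", "edu", "gov", "ca"}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+", re.IGNORECASE)


def looks_like_hostname(name: str) -> bool:
    """True if a bare file name could be mistaken for a web address."""
    if not HOSTNAME_RE.fullmatch(name):
        return False
    labels = name.lower().split(".")
    return labels[0] == "www" or labels[-1] in COMMON_TLDS


def find_url_named_files(directory) -> list:
    """Return sorted names of regular files in `directory` that look like hostnames."""
    return sorted(
        entry.name
        for entry in Path(directory).iterdir()
        if entry.is_file() and looks_like_hostname(entry.name)
    )


if __name__ == "__main__":
    # Usage: python check_desktop.py <path to a user's Desktop folder>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name in find_url_named_files(target):
        print(f"review: {name!r} is named like a web address")
```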