Bugtraq mailing list archives

Re: Wordpad vulnerability, exploitable also in IE for Win9x

From: canderso () ISM CA (Curtis Anderson, CNE, MCSE)
Date: Fri, 25 Feb 2000 07:57:17 -0600


----- Original Message -----
Although I feel he makes it fairly evident I thought I'd make a note for
all.  This does not work in Windows 2000 using the IE trick.  It doesn't
prompt to open Wordpad but rather just uses notepad.  I feel this has
something to do with the fact that the filesize limit inherent in Notepad
for win9x isn't there in Windows 2000.  Although I could be wrong on this I
just know it doesn't affect Windows 2000 users.

Scott Wade
Systems Administrator
----- Original Message -----

Scott's dead on here - it's Win9x's notepad that sees the file is >64KB and
prompts to launch WordPad.  The NT/Win2K versions of Notepad don't have the
filesize limitation (so will simply open the file).
-------------------------------------------------
Curtis Anderson, CNE, MCSE
ISM Manitoba - an IBM Global Services team member
400 Ellice Avenue,   Winnipeg, MB     R3B 3M3
canderso () ism ca             andersoc () ca ibm com
-------------------------------------------------

Current thread:

Re: How the password could be recover using FTP Explorer's registry!, (continued)
- - - Re: How the password could be recover using FTP Explorer's registry! Jeffrey Paul (Feb 28)
    - lynx - someone is deaf and blind ;) Michal Zalewski (Feb 27)
    - EZ Shopper 3.0 shopping cart CGI remote command execution suid () SUID KG (Feb 27)
    - Re: EZ Shopper 3.0 shopping cart CGI remote command execution Alex Heiphetz (Feb 28)
    - W2K & ~25000+ temp files = crash + corruption? Clifford Hammerschmidt (Feb 28)
    - ALERT!: TendMicro InterScan (DOS & intrusion) Veille Technologique (Feb 28)
    - Advisory: Foundry Networks ServerIron TCP/IP sequence predictability Andrew van der Stock (Feb 27)
  - Zonealarm exports sensitive data Andrew Daviel (Feb 24)
    - Re: Zonealarm exports sensitive data Brett Glass (Feb 25)
    - Re: Zonealarm exports sensitive data Robert Graham (Feb 28)
  - Re: Wordpad vulnerability, exploitable also in IE for Win9x Curtis Anderson, CNE, MCSE (Feb 25)
  - Troj_Trinoo and ZZ Simple Nomad (Feb 25)
    - man bugs might lead to root compromise (RH 6.1 and other boxes) Michal Zalewski (Feb 26)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) Mark Whitis (Feb 27)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) H D Moore (Feb 27)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) Michal Zalewski (Feb 28)
    - Re: man bugs might lead to root compromise (RH 6.1 and other boxes) H D Moore (Feb 28)
    - DOS in TrendMicro OfficeScan Veille Technologique (Feb 28)
    - TrendMicro OfficeScan tmlisten.exe DoS Jeff Stevens (Feb 25)
    - Re: Troj_Trinoo and ZZ Simple Nomad (Feb 26)
- Pragma Systems response to USSRLabs report Ussr Labs (Feb 23)

(Thread continues...)