Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Winnt/Win2k Vuln ?

From: Vulnerability Development <vulndev () infosecure com au>
Date: Fri, 10 Aug 2001 09:31:09 -0800 (GMT+8)
On Wed, 8 Aug 2001, Red Pantz wrote:


Hello all, 

I have found that if you name a file (can be any data file) a certain URL, on your desktop, and then g0 to IE and 
type that url, the web site will not come up, only the program that was named the certain.confusing? 

i.e.

- copy autoexec.bat to ..\desktop
- rename autoexec.bat to www.google.com (can be any url)
- then go to IE and type "www.google.com"
- your batch file is then ran



This is because Windows (or IE) associated the .com extension with 16 bit
windows binaries (like command.com and all the old DOS stuff).  If you
rename a .bat file to .com it does not run correctly.

I created a file www.google.com containing the line...
echo This is a test > c:\data

When I ran this from the browser it failed with a 16 bit MS-DOS subsystem
error (illegal instruction). To make this work, you would need to create a
.com binary file.  You might be able to use the old exe2bin utility.

Dave Taylor
Previous By Date Next
Previous By Thread Next

Current thread: