RE: Winnt/Win2k Vuln ?

[JKlemenc () fnal gov]

Was able to reproduce with Win2K SP2 and IE 5.50.4522.1800 when I opened IE
and simply typed in www.google.com (or whatever I named the file - I simply
copied write.exe to Desktop\www.google.com ). I was NOT able to reproduce
this when:
Adding http:// in front of the www.google.com filename in the IE URL bar
When launching it from the Start/Run menu

Joe Klemencic

--- Original Message ---




> - copy autoexec.bat to ..\desktop
> - rename autoexec.bat to www.google.com (can be any url)
> - then go to IE and type "www.google.com"
> - your batch file is then ran

Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit).
Actually IE tried to download the www.google.com file probably because of
the '.com' extension. I also went to START/RUN and typed in www.google.com
and it tried to run it too (actually giving me an error about it was not a
vaild Win32 App).