Re: Winnt/Win2k Vuln ?

[martin.goudreault () notes canadair ca]

Scarry...

I tried it with Win2K SP2 and it works! Also, tried it with a exec file (renamed
to WWW.TEST.COM) and the file executed no questions asked! Tried it with a valid
(and verified) URL name (www.novell.com) and guess what? Same results!

Can potentially be harmful.

Martin Goudreault
Senior Systems Support
Bombardier - AeroSpace
St-Laurent, Qc, Canada
514-855-5001 x55488





"Red Pantz" <redpantz () crackdealer com> on 08/08/2001 05:17:40 PM

To:   vuln-dev () securityfocus com
cc:    (bcc: Martin Goudreault/Canadair/Bombardier)
Subject:  Winnt/Win2k Vuln ?



Hello all,

I have found that if you name a file (can be any data file) a certain URL, on
your desktop, and then g0 to IE and type that url, the web site will not come
up, only the program that was named the certain.confusing?

i.e.

- copy autoexec.bat to ..\desktop
- rename autoexec.bat to www.google.com (can be any url)
- then go to IE and type "www.google.com"
- your batch file is then ran

a few issues i have w/ this is:

- the prog will only run if it is on your desktop
- if you type "http://www.google.com";, for example
  it will not run(unless u name your file the same thing)
- it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
- it doesn't seem to have any privelage escalation (all progs are run as the
current user logged on)

Just want a few others to try it and see wut they think

thanx alot
redpantz

------------------------------------------------------------
[- Get your own free e-mail @ http://www.crackdealer.com -]

Attachment: att1.eml
Description: