Re: Winnt/Win2k Vuln ?

[sween <sween () modelm org>]

I actually named the file www.google.com.exe on win95b, IE5 and it
executed causing an illegal operation... no prompting, whatsoever.

On Fri, 10 Aug 2001, Fab Siciliano wrote:

> How is this a vulnerability?
> I am still prompted to whether I want to save the file to disk, or run it 
> from it's current location. The file just doesn't execute unless you want 
> it to.
>
> -Fab
>
>
> At 03:34 PM 8/10/2001, Kevin Gagel wrote:
> > You are incorrect.
> > I am using win2k pro with sp2.
> > I created a batch file and saved it to my desktop. It simply echoed
> > hello.
> > I renamed it to our web site with a .bat on the end.
> > Then in IE addressbar I typed the www address of our web site and the
> > batch file ran.
> >
> > "Rio Martin." wrote:
> > > I could confirm this, as long as you put executeable file in desktop, then
> > > you will be able to open it. Extension .BAT wont run. Only .COM will run.
> > > I also try to rename the file to www.somekind.org and it just showing "Open
> > > With ..." window.
> > >
> > > Regards,
> > > Rio Martin.
> > > http://marsud.org/
> > >
> > > _
> > > "Red Pantz" <redpantz () crackdealer com> wrote something like this:
> > > > Hello all,
> > > > I have found that if you name a file (can be any data file) a certain 
> > URL,
> > > on your desktop, and then g0 to IE and type that url, the web site will not
> > > come up, only the program that was named the certain.confusing?
> > > > i.e.
> > > > - copy autoexec.bat to ..\desktop
> > > > - rename autoexec.bat to www.google.com (can be any url)
> > > > - then go to IE and type "www.google.com"
> > > > - your batch file is then ran
> > > > a few issues i have w/ this is:
> > > > - the prog will only run if it is on your desktop
> > > > - if you type "http://www.google.com";, for example
> > > >   it will not run(unless u name your file the same thing)
> > > > - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
> > > > - it doesn't seem to have any privelage escalation (all progs are run as
> > > the current user logged on)
> > > > Just want a few others to try it and see wut they think
> > > > thanx alot
> > > > redpantz
> >
> > --
> > =============================
> > Kevin W. Gagel
> > Network Administrator
> > College of New Caledonia
> > gagel () cnc bc ca
> > (250)561-5848 loc. 448
> > =============================
>
> ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
> Fab Siciliano
> Networks and Security
> Tel - 215.712.6200 Ext. 312
> Optium, Inc.
> "Break-Through Technology for Optical Transmission"
> http://www.optiumcorp.com
> :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


--

 ---  -sween                               
| M | http://www.modelm.org                 
 ---  "force feedback computing since 1984."
<meta name="MSSmartTagsPreventParsing" content="TRUE">