RE: Winnt/Win2k Vuln ?

["Red Pantz" <redpantz () crackdealer com>]

Jeremy, 

This is not case specific. You can run (almost) any file of your chosing.  And the file being executed runs only w/ the 
permission that are already supplied for the user (so far ;) )

> "Jeremy Rodriguez" <jrodriguez () intellinet-tech com>Cc: <vuln-dev () securityfocus com>
> RE: Winnt/Win2k Vuln ?Date: Fri, 10 Aug 2001 14:33:03 -0400
>
> Regular users have read, read and execute permissions.
> Is the significance, that the autoexec.bat can be altered and then ran?
> How is this possible without write permissions?
> If one can alter it, then it could be exploited.
>
> -----Original Message-----
> From: Mike Duncan [mailto:security () randomtask net]
> Sent: Thursday, August 09, 2001 2:26 PM
> To: Red Pantz
> Cc: vuln-dev () securityfocus com
> Subject: Re: Winnt/Win2k Vuln ?
>
>
> > - copy autoexec.bat to ..\desktop
> > - rename autoexec.bat to www.google.com (can be any url)
> > - then go to IE and type "www.google.com"
> > - your batch file is then ran
>
> Confirmed on Win2K Pro SP1 (5.00.2195) with IE 5.50.4522.1800 (56-bit). 
> Actually IE tried to download the www.google.com file probably because of
> the '.com' extension. I also went to START/RUN and typed in www.google.com
> and it tried to run it too (actually giving me an error about it was not a
> vaild Win32 App).
>
> -- 
> Mike Duncan
> security () randomtask net
> http://www.randomtask.net
>
> "This is what happens when parents make 
> their kids play with dried up Play-Doh."
>                              - Tim Mullen


------------------------------------------------------------
[- Get your own free e-mail @ http://www.crackdealer.com -]