Vulnerability Development mailing list archives

Re: Winnt/Win2k Vuln ?

From: "J. Bol" <j.bol () itsec nl>
Date: Tue, 14 Aug 2001 10:47:05 +0200

martin.goudreault () notes canadair ca wrote:

You can also do the same thing with files that are associated: *.doc (will open
Word), *.xls (will open Excel), *.mdb (will open Access) and so on...

Try this: Create a word document (or excel sheet) with an automacro, copy it to
your desktop, rename it to whatever URL you want, open IE and type that
address...voila... (worked here!)


This will only work when the option 'Hide file extentions for known file types' is
turn on, which is default and most common on average user's systems.

Verified on NT4-SP6.

Cheers,

Jeroen

--
ITsec Nederland B.V. may not be held liable for the effects or damages caused by
the direct or indirect use of the information or functionality provided by this
posting, nor the content contained within. Use them at your own risk. ITsec
Nederland B.V. bears no responsibility for misuse of this posting or any
derivatives thereof.

Attachment: j.bol.vcf
Description: Card for J. Bol

Current thread:

Re: Winnt/Win2k Vuln ?, (continued)
- - - Re: Winnt/Win2k Vuln ? Ben Ford (Aug 10)
    - Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? Ben Ford (Aug 10)
  - RE: Winnt/Win2k Vuln ? David Schwartz (Aug 11)
    - RE: Winnt/Win2k Vuln ? Louis-Eric Simard (Aug 12)
    - RE: Winnt/Win2k Vuln ? David Schwartz (Aug 12)
    - RE: Winnt/Win2k Vuln ? Louis-Eric Simard (Aug 12)
- RE: Winnt/Win2k Vuln ? Red Pantz (Aug 13)
- Re: Winnt/Win2k Vuln ? martin . goudreault (Aug 13)
  - Re: Winnt/Win2k Vuln ? sween (Aug 13)
  - Re: Winnt/Win2k Vuln ? J. Bol (Aug 14)
- Re: Winnt/Win2k Vuln ? martin . goudreault (Aug 14)