[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Window's O/S

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Window's O/S
From: "Marek Isalski" <Marek.Isalski@xxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Nov 2005 12:50:32 +0000

> > create an folder on deskop and name it as "notepad".
> > open internet explorer > go to view > source code > this will open the
> > contents of notepad folder....!!
> Even better: rename any exe to notepad.exe ;)

Is this IE being so stupid as to run with a CWD of Desktop and effectively 
doing a system("notepad")?

That'd explain explorer opening up folders called Notepad, and .exe files being 
run.  Bet it also works on MS Word documents (without a .doc extension, 
probably), and any other magically executable file...

Certainly cmd.exe as notepad on the desktop suggests the CWD is your Desktop 
(so presumably IE's CWD is also Desktop).

Are there any other external apps IE is stupid enough to run without a full 
path prefix?  That could be fun too!  :-)



-------------------------------------------------------------
This message has been scanned for all viruses by Sophos Sweep
<<<<GWAVAsig>>>>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: Window's O/S
  - From: Dave Korn
- RE: [Full-disclosure] Window's O/S
  - From: Aditya Deshmukh

Prev by Date: Re: [Full-disclosure] Window's O/S
Next by Date: Re: [Full-disclosure] Window's O/S
Previous by thread: Re: [Full-disclosure] Window's O/S
Next by thread: [Full-disclosure] Re: Window's O/S
Index(es):
- Date
- Thread