[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Window's O/S

To: "'Marek Isalski'" <Marek.Isalski@xxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] Window's O/S
From: "Aditya Deshmukh" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Nov 2005 08:46:54 +0530

 
> > > create an folder on deskop and name it as "notepad".
> > > open internet explorer > go to view > source code > this 
> will open the
> > > contents of notepad folder....!!
> > Even better: rename any exe to notepad.exe ;)
> 
> Is this IE being so stupid as to run with a CWD of Desktop 
> and effectively doing a system("notepad")?
> 
> That'd explain explorer opening up folders called Notepad, 
> and .exe files being run.  Bet it also works on MS Word 
> documents (without a .doc extension, probably), and any other 
> magically executable file...
> 
> Certainly cmd.exe as notepad on the desktop suggests the CWD 
> is your Desktop (so presumably IE's CWD is also Desktop).
> 
> Are there any other external apps IE is stupid enough to run 
> without a full path prefix?  That could be fun too!  :-)
> 

Thank god I run firefox !

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Window's O/S
  - From: Marek Isalski

Prev by Date: RE: [Full-disclosure] Return of the Phrack High Council
Next by Date: RE: [Full-disclosure] Window's O/S
Previous by thread: Re: [Full-disclosure] Re: Window's O/S
Next by thread: [Full-disclosure] Window's O/S
Index(es):
- Date
- Thread