lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Nov 24 16:40:31 2005
From: gilles.demarty at gmail.com (Gilles DEMARTY)
Subject: Re: Window's O/S

hi list,

you can workaround this 'problem' and protect yourself against an
intruder, by patching your registry file :

(Do it at your own risks : )

HKLM\SOFTWARE\Microsoft\Internet Explorer\View Source Editor\Editor Name

and set the default key to 'c:\windows\notepad.exe' (or any editor you
wanna use, providing the full path).

Gilles


2005/11/24, Dave Korn <davek_throwaway@...mail.com>:
> Marek Isalski wrote in news:s385b72e.070@...l.smuht.nwest.nhs.uk
> >>> create an folder on deskop and name it as "notepad".
> >>> open internet explorer > go to view > source code > this will open the
> >>> contents of notepad folder....!!
> >> Even better: rename any exe to notepad.exe ;)
> >
> > Is this IE being so stupid as to run with a CWD of Desktop and
> > effectively doing a system("notepad")?
>
>   Yep.
>
> > That'd explain explorer opening up folders called Notepad, and .exe files
> > being run.  Bet it also works on MS Word documents (without a .doc
> > extension, probably), and any other magically executable file...
> >
> > Certainly cmd.exe as notepad on the desktop suggests the CWD is your
> > Desktop (so presumably IE's CWD is also Desktop).
>
>   Yep.  You can't see that it's the cwd, but process explorer will show you
> it has a handle to desktop open.
>
> > Are there any other external apps IE is stupid enough to run without a
> > full path prefix?  That could be fun too!  :-)
>
>   Dunno, but I'll tell you something I spotted the other day.
>
>   Copy calc.exe to the root of your C:\ drive, and rename it to
> "Program.exe".
>
>   Fire up a recently-updated RealPlayer.  Watch two instances of calc.exe
> appear.  Close RealPlayer again.  Watch two more instances of calc.exe
> appear.
>
>   Another un-quoted path with spaces in it.  Phj33r!
>
>      cheers,
>         DaveK
> --
> Can't think of a witty .sigline today....
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ