lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu Nov 24 12:13:19 2005
From: Vegar.Linge.Haaland at palantir.no (Haaland, Vegar Linge)
Subject: Window's O/S

Ok, the first one it will open (if you have, let's say: notepad and
notepad.exe) is notepad.exe
I tried a couple of stuff and here's my notes:) :
The folde could be named notepad.exe notepad notepad.cmd or notepad.bat
I also successfully got it to start cmd.exe by copying a copy of cmd to
the desktop folder, and rename it to notepad.exe :)
I'll bet there's tons of stuff we could make this bug do :D
(Worked on Windows XP sp2)

(btw, sorry about my English.. :S)


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
indianz@...ianz.ch
Sent: 24. november 2005 12:44
To: pagvac
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Window's O/S
Importance: High

Hi there

same effect under german windows xp sp2... i'm not really a windows
guru, but i think, this has to do with some pre-defined windows and
internet explorer search-paths.

when you enter an url in internet explorer, and have a cd-rom in the
drive, it will move the cd-rom (searching for something?). weird!

GreetZ from IndianZ



> OK, so here is where creativity kicks in.
>
> Anyone has any interesting ideas for exploiting this bug as an attack 
> vector?
>
> On 11/24/05, Sibillano Fabio <Fabio.Sibillano@...ileasing.it> wrote:
>>
>> > Confirmed on Windows XP SP2 (English Version).
>>
>> Italian version too...
>>
>> weird!
>>
>>
>>
>>
>> The information contained in this e-mail may be privileged, 
>> confidential, and protected from disclosure. If you are not the 
>> intended recipient, you are hereby notified that any dissemination, 
>> distribution or duplication of this communication is strictly 
>> prohibited. If you have received this communication in error, please 
>> notify the sender immediately and delete all copies .
>>
>>
>>
>
>
> --
> pagvac (Adrian Pastor)
> www.ikwt.com - In Knowledge We Trust
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


GreetZ from IndianZ

mailto:indianz@...ianz.ch
http://www.indianz.ch

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists