[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1499C4864E1D064E9F720B9427FDB8881DC34B@pals003.palantir.no>
Date: Thu Nov 24 12:13:19 2005
From: Vegar.Linge.Haaland at palantir.no (Haaland, Vegar Linge)
Subject: Window's O/S
Ok, the first one it will open (if you have, let's say: notepad and
notepad.exe) is notepad.exe
I tried a couple of stuff and here's my notes:) :
The folde could be named notepad.exe notepad notepad.cmd or notepad.bat
I also successfully got it to start cmd.exe by copying a copy of cmd to
the desktop folder, and rename it to notepad.exe :)
I'll bet there's tons of stuff we could make this bug do :D
(Worked on Windows XP sp2)
(btw, sorry about my English.. :S)
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
indianz@...ianz.ch
Sent: 24. november 2005 12:44
To: pagvac
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Window's O/S
Importance: High
Hi there
same effect under german windows xp sp2... i'm not really a windows
guru, but i think, this has to do with some pre-defined windows and
internet explorer search-paths.
when you enter an url in internet explorer, and have a cd-rom in the
drive, it will move the cd-rom (searching for something?). weird!
GreetZ from IndianZ
> OK, so here is where creativity kicks in.
>
> Anyone has any interesting ideas for exploiting this bug as an attack
> vector?
>
> On 11/24/05, Sibillano Fabio <Fabio.Sibillano@...ileasing.it> wrote:
>>
>> > Confirmed on Windows XP SP2 (English Version).
>>
>> Italian version too...
>>
>> weird!
>>
>>
>>
>>
>> The information contained in this e-mail may be privileged,
>> confidential, and protected from disclosure. If you are not the
>> intended recipient, you are hereby notified that any dissemination,
>> distribution or duplication of this communication is strictly
>> prohibited. If you have received this communication in error, please
>> notify the sender immediately and delete all copies .
>>
>>
>>
>
>
> --
> pagvac (Adrian Pastor)
> www.ikwt.com - In Knowledge We Trust
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
GreetZ from IndianZ
mailto:indianz@...ianz.ch
http://www.indianz.ch
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists