lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri Nov 25 03:18:58 2005
From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh)
Subject: Window's O/S

 
> > > create an folder on deskop and name it as "notepad".
> > > open internet explorer > go to view > source code > this 
> will open the
> > > contents of notepad folder....!!
> > Even better: rename any exe to notepad.exe ;)
> 
> Is this IE being so stupid as to run with a CWD of Desktop 
> and effectively doing a system("notepad")?
> 
> That'd explain explorer opening up folders called Notepad, 
> and .exe files being run.  Bet it also works on MS Word 
> documents (without a .doc extension, probably), and any other 
> magically executable file...
> 
> Certainly cmd.exe as notepad on the desktop suggests the CWD 
> is your Desktop (so presumably IE's CWD is also Desktop).
> 
> Are there any other external apps IE is stupid enough to run 
> without a full path prefix?  That could be fun too!  :-)
> 

Thank god I run firefox !

Powered by blists - more mailing lists