Marek Isalski wrote in news:[EMAIL PROTECTED]
>>> create an folder on deskop and name it as "notepad".
>>> open internet explorer > go to view > source code > this will open the
>>> contents of notepad folder....!!
>> Even better: rename any exe to notepad.exe ;)
>
> Is this IE being so stupid as to run with a CWD of Desktop and
> effectively doing a system("notepad")?
Yep.
> That'd explain explorer opening up folders called Notepad, and .exe files
> being run. Bet it also works on MS Word documents (without a .doc
> extension, probably), and any other magically executable file...
>
> Certainly cmd.exe as notepad on the desktop suggests the CWD is your
> Desktop (so presumably IE's CWD is also Desktop).
Yep. You can't see that it's the cwd, but process explorer will show you
it has a handle to desktop open.
> Are there any other external apps IE is stupid enough to run without a
> full path prefix? That could be fun too! :-)
Dunno, but I'll tell you something I spotted the other day.
Copy calc.exe to the root of your C:\ drive, and rename it to
"Program.exe".
Fire up a recently-updated RealPlayer. Watch two instances of calc.exe
appear. Close RealPlayer again. Watch two more instances of calc.exe
appear.
Another un-quoted path with spaces in it. Phj33r!
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
