Marek Isalski wrote in news:[EMAIL PROTECTED] >>> create an folder on deskop and name it as "notepad". >>> open internet explorer > go to view > source code > this will open the >>> contents of notepad folder....!! >> Even better: rename any exe to notepad.exe ;) > > Is this IE being so stupid as to run with a CWD of Desktop and > effectively doing a system("notepad")?
Yep. > That'd explain explorer opening up folders called Notepad, and .exe files > being run. Bet it also works on MS Word documents (without a .doc > extension, probably), and any other magically executable file... > > Certainly cmd.exe as notepad on the desktop suggests the CWD is your > Desktop (so presumably IE's CWD is also Desktop). Yep. You can't see that it's the cwd, but process explorer will show you it has a handle to desktop open. > Are there any other external apps IE is stupid enough to run without a > full path prefix? That could be fun too! :-) Dunno, but I'll tell you something I spotted the other day. Copy calc.exe to the root of your C:\ drive, and rename it to "Program.exe". Fire up a recently-updated RealPlayer. Watch two instances of calc.exe appear. Close RealPlayer again. Watch two more instances of calc.exe appear. Another un-quoted path with spaces in it. Phj33r! cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/