Ok, the first one it will open (if you have, let's say: notepad and notepad.exe) is notepad.exe I tried a couple of stuff and here's my notes:) : The folde could be named notepad.exe notepad notepad.cmd or notepad.bat I also successfully got it to start cmd.exe by copying a copy of cmd to the desktop folder, and rename it to notepad.exe :) I'll bet there's tons of stuff we could make this bug do :D (Worked on Windows XP sp2)
(btw, sorry about my English.. :S) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 24. november 2005 12:44 To: pagvac Cc: [email protected] Subject: Re: [Full-disclosure] Window's O/S Importance: High Hi there same effect under german windows xp sp2... i'm not really a windows guru, but i think, this has to do with some pre-defined windows and internet explorer search-paths. when you enter an url in internet explorer, and have a cd-rom in the drive, it will move the cd-rom (searching for something?). weird! GreetZ from IndianZ > OK, so here is where creativity kicks in. > > Anyone has any interesting ideas for exploiting this bug as an attack > vector? > > On 11/24/05, Sibillano Fabio <[EMAIL PROTECTED]> wrote: >> >> > Confirmed on Windows XP SP2 (English Version). >> >> Italian version too... >> >> weird! >> >> >> >> >> The information contained in this e-mail may be privileged, >> confidential, and protected from disclosure. If you are not the >> intended recipient, you are hereby notified that any dissemination, >> distribution or duplication of this communication is strictly >> prohibited. If you have received this communication in error, please >> notify the sender immediately and delete all copies . >> >> >> > > > -- > pagvac (Adrian Pastor) > www.ikwt.com - In Knowledge We Trust > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > GreetZ from IndianZ mailto:[EMAIL PROTECTED] http://www.indianz.ch _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
