[Full-disclosure] Re: Window's O/S
Dave Korn
davek_throwaway at hotmail.com
Thu Nov 24 14:58:54 GMT 2005
Marek Isalski wrote in news:s385b72e.070 at mail.smuht.nwest.nhs.uk
>>> create a folder on desktop and name it as "notepad".
>>> open internet explorer > go to view > source code > this will open the
>>> contents of notepad folder....!!
>> Even better: rename any exe to notepad.exe ;)
>
> Is this IE being so stupid as to run with a CWD of Desktop and
> effectively doing a system("notepad")?

Yep.

> That'd explain explorer opening up folders called Notepad, and .exe files
> being run. Bet it also works on MS Word documents (without a .doc
> extension, probably), and any other magically executable file...
>
> Certainly cmd.exe as notepad on the desktop suggests the CWD is your
> Desktop (so presumably IE's CWD is also Desktop).

Yep. You can't see that it's the cwd, but process explorer will show you
it has a handle to desktop open.

> Are there any other external apps IE is stupid enough to run without a
> full path prefix? That could be fun too! :-)

Dunno, but I'll tell you something I spotted the other day.

Copy calc.exe to the root of your C:\ drive, and rename it to
"Program.exe".

Fire up a recently-updated RealPlayer. Watch two instances of calc.exe
appear. Close RealPlayer again. Watch two more instances of calc.exe
appear.

Another un-quoted path with spaces in it. Phj33r!

cheers,
DaveK
--
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.
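
Added example, not part of the original post or thread: an audit helper that, for a launch command line, lists the image paths CreateProcess tries in order when the module name is unquoted (its documented behaviour when lpApplicationName is NULL), and flags bare names such as "notepad" that are resolved through the search order, which includes the current directory. The "Example Vendor" path, the function names and the rule that a token ending in an executable extension closes the image path are assumptions made for illustration.

```python
import ntpath

# Assumption: a token ending in one of these marks the end of the image path.
EXE_EXTS = (".exe", ".com", ".bat", ".cmd")

def candidate_images(cmdline):
    """Image paths CreateProcess would try, in order, for this command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        # Quoted module name: exactly one interpretation.
        end = cmdline.find('"', 1)
        return [cmdline[1:end] if end != -1 else cmdline[1:]]
    tokens = cmdline.split()
    tried = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(EXE_EXTS):
            return tried + [prefix]
        # A prefix without an extension gets ".exe" appended before the lookup.
        tried.append(prefix if ntpath.splitext(prefix)[1] else prefix + ".exe")
    # No explicit extension anywhere: assume the first token is the image.
    return tried[:1]

def audit(cmdline):
    """Return (finding, path) pairs for a launch command line."""
    cands = candidate_images(cmdline)
    if not cands:
        return []
    # Every candidate before the intended image is a place where a planted
    # file (e.g. C:\Program.exe) would run instead.
    findings = [("unquoted-path", c) for c in cands[:-1]]
    # No directory component: resolved via the search order, which
    # includes the caller's current directory.
    if not ntpath.dirname(cands[-1]):
        findings.append(("search-path", cands[-1]))
    return findings

# Constructed sample command lines, not taken from any real product.
SAMPLES = [
    r'C:\Program Files\Example Vendor\player.exe /background',
    r'"C:\Program Files\Example Vendor\player.exe" /background',
    'notepad',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit(s) or "ok")
```

Feed it command lines collected from service ImagePath values, Run keys or shortcut targets; any "unquoted-path" finding is fixed by quoting the full image path, and any "search-path" finding by launching with an absolute path.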