
Re: [News] More Windows/Internet Explorer Holes, Microsoft in Denial

In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
 wrote
on Thu, 06 Jul 2006 00:20:42 +0100
<1176059.s40yciB3Fu@xxxxxxxxxxxxxxx>:
> Microsoft: Shortcut 'trick' is legitimate feature
>
> ,----[ Quote ]
> | A Windows shortcut "trick," which could allow an executable file to
> | be launched when a user types a Web address into Internet Explorer, is
> | not a security vulnerability, Microsoft said.
> | 
> | Using Windows XP and Internet Explorer, a user could type in a Web
> | address--such as www.microsoft.com--into a browser, and instead of
> | launching the Web site the browser would run an executable file located
> | on the user's computer. 
> `----
>
> http://news.com.com/Microsoft+Shortcut+trick+is+legitimate+feature/2100-1002_3-6090840.html?tag=nefd.top

This works even on IE6 running on Linux.  Here's how.

[1] Create a small C++ file with the following source code.

#include <cstdio>
#include <cstdlib>
#include <unistd.h>

int main(int argc, char **argv)
{
        /* Open an xterm that runs the shell script created in step [3]. */
        system("xterm -e /bin/bash /home/ewilliam/Desktop/www.stupidstuff.com.sh");

        return 0;
}

[2] Compile:

g++ -o ~/Desktop/www.stupidstuff.com stupidstuff.C

[3] Create a shell script on one's desktop: www.stupidstuff.com.sh :

#!/bin/sh

echo HELLO, WORLD
echo THIS IS GOOFY CALLING FROM A SHELL SCRIPT.
echo Hit RETURN.
read x

[4] Invoke IE and type in www.stupidstuff.com ; hit return
when instructed to make the xterm go away.

This *did* lock up a wineserver on my box, which needed
a SIGTERM before it stopped consuming all sorts of CPU,
so caveat emptor.  A subsequent invocation,
however, performed normally.  Typical IE.

For its part Firefox ignores the issue totally, coming
up with a webpage proudly blurting out "THIS DOMAIN
NAME HAS JUST BEEN REGISTERED FOR ONE OF OUR CUSTOMERS!"
(Fine.  Ask me if I give a hoot and sixpence.)  However,
one can emulate in part IE's behavior by opening
www.stupidstuff.com.sh using www.stupidstuff.com .

This trick doesn't seem to work with .BAT files on Linux,
which is probably not all that surprising since IE is just
punting on the matter anyway.

I could see this invoking

www.stupidstuff.com/braindead/crap

if the Desktop contains the directory www.stupidstuff.com as well.
Could lead to some interesting (FSVO) malware.

-- 
#191, ewill3@xxxxxxxxxxxxx
Windows Vista.  Because it's time to refresh your hardware.  Trust us.
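
Added example, not part of the original post: a defender-side check for the condition the steps above depend on, namely a file or directory on the desktop whose name reads like a web address. The function names, the TLD list and the sample file layout are assumptions made for illustration; executability is judged by POSIX mode bits, as on the poster's Linux/Wine setup.

```python
import os
import re
import tempfile

# Assumption: a short list of common TLDs; extend it for your environment.
COMMON_TLDS = {"com", "net", "org", "edu", "gov", "info", "biz"}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{LABEL}\.)+([a-z]{{2,24}})$", re.IGNORECASE)


def looks_like_hostname(name):
    """True if a file name reads like a web address, e.g. www.stupidstuff.com."""
    m = HOSTNAME_RE.match(name)
    return bool(m) and m.group(1).lower() in COMMON_TLDS


def find_url_shaped_entries(directory):
    """Return sorted (name, kind) pairs; kind is directory, executable or file."""
    findings = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not looks_like_hostname(entry.name):
                continue
            kind = "file"
            if entry.is_dir(follow_symlinks=False):
                kind = "directory"
            elif entry.stat(follow_symlinks=False).st_mode & 0o111:
                kind = "executable"  # any POSIX execute bit set
            findings.append((entry.name, kind))
    return sorted(findings)


def build_sample_desktop():
    """Constructed sample data mirroring the file names used in the post."""
    root = tempfile.mkdtemp(prefix="desktop-")
    for name, mode in [("www.stupidstuff.com", 0o755),
                       ("www.stupidstuff.com.sh", 0o755),
                       ("notes.txt", 0o644)]:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.mkdir(os.path.join(root, "example.org"))
    return root


if __name__ == "__main__":
    for name, kind in find_url_shaped_entries(build_sample_desktop()):
        print(f"{kind:10} {name}")
```

Point `find_url_shaped_entries` at a real desktop or profile directory to audit it; the helper script ending in `.sh` and ordinary documents such as `notes.txt` are not reported because their final label is not in the TLD list.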
