In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
wrote
on Thu, 06 Jul 2006 00:20:42 +0100
<1176059.s40yciB3Fu@xxxxxxxxxxxxxxx>:
> Microsoft: Shortcut 'trick' is legitimate feature
>
> ,----[ Quote ]
> | A Windows shortcut "trick," which could allow an executable file to
> | be launched when a user types a Web address into Internet Explorer, is
> | not a security vulnerability, Microsoft said.
> |
> | Using Windows XP and Internet Explorer, a user could type in a Web
> | address--such as www.microsoft.com--into a browser, and instead of
> | launching the Web site the browser would run an executable file located
> | on the user's computer.
> `----
>
> http://news.com.com/Microsoft+Shortcut+trick+is+legitimate+feature/2100-1002_3-6090840.html?tag=nefd.top
This works even on IE6 running on Linux. Here's how.
[1] Create a small C++ file with the following source code.
#include <cstdio>
#include <cstdlib>
#include <unistd.h>
int main(int argc, char **argv)
{
system("xterm -e /bin/bash /home/ewilliam/Desktop/www.stupidstuff.com.sh");
return 0;
}
[2] Compile:
g++ -o ~/Desktop/www.stupidstuff.com stupidstuff.C
[3] Create a shell script on one's desktop: www.stupidstuff.com.sh :
#!/bin/sh
echo HELLO, WORLD
echo THIS IS GOOFY CALLING FROM A SHELL SCRIPT.
echo Hit RETURN.
read x
[4] Invoke IE and type in www.stupidstuff.com ; hit return
when instructed to make the xterm go away.
This *did* lock up a wineserver on my box, which needed
a SIGTERM before it stopped consuming all sorts of CPU,
on my box, so caveat emptor. A subsequent invocation,
however, performed normally. Typical IE.
For its part Firefox ignores the issue totally, coming
up with a webpage proudly blurting out "THIS DOMAIN
NAME HAS JUST BEEN REGISTERED FOR ONE OF OUR CUSTOMERS!"
(Fine. Ask me if I give a hoot and sixpence.) However,
one can emulate in part IE's behavior by opening
www.stupidstuff.com.sh using www.stupidstuff.com .
This trick doesn't seem to work with .BAT files on Linux,
which is probably not all that surprising since IE is just
punting on the matter anyway.
I could see this invoking
www.stupidstuff.com/braindead/crap
if the Desktop contains the directory www.stupidstuff.com as well.
Could lead to some interesting (FSVO) malware.
--
#191, ewill3@xxxxxxxxxxxxx
Windows Vista. Because it's time to refresh your hardware. Trust us.
|
|