[Geeks are Sexy] technology news

Thursday, June 08, 2006

Windows Hidden Feature or Security Bug?

Infoworld contributing Editor Roger A. Grimes wrote an interesting piece about a recently discovered windows feature that could very well end up as an easily exploitable vulnerability. The news has spreaded pretty much everywhere now, so I guess it's only a matter of time until a smart ass decides to release some code that will exploit this "hidden feature".

The trick is that Internet Explorer 6 and 7 beta can be fooled into running Windows desktop shortcuts instead of going to the Internet. For example, right-click your desktop and choose Create a Shortcut. Tell the shortcut to run Notepad.exe, but name the shortcut "www.aol.com." Now type www.aol.com into IE (Internet Explorer) and see what happens. Instead of going to www.aol.com, IE starts Windows notepad.

Read more.


  • The Windows feature cannot be used from IIS. I did the following and created the shortcut and it worked. Then I moved the shortcut to my websites folder and called the shortcut (www.mysite.biz/www.aol.com and www.mysite.biz/www.aol.com.lnk). Neither of the calls worked so as far as an exploit with IIS... questionable.

    Thank you.

    By Anonymous Anonymous, at 11:53 PM  

Post a Comment

Links to this post:

Create a Link

<< Home