An in-depth look at the IE desktop association vulnerability

2009-08-02T00:00:00
ID MYHACK58:62200924105
Type myhack58
Reporter Anonymous
Modified 2009-08-02T00:00:00

Description

Taken from X-Files, condensed and written up in my own words.

Article source: http://www.smxiaoqiang.cn

As is well known, Windows is designed around convenience: when we open the IE browser and enter "My Computer" in the address bar, it jumps directly to "My Computer".

This shows that Windows integrates Internet Explorer with the rest of the system. That was meant to be convenient for the user, but it unexpectedly also became a vulnerability. Why?

For convenience, I'll use calc (the calculator) for the demo. Test environment: WinXP SP3 + IE7.

Method: put calc.exe on the desktop, type "calc.exe" in the IE address bar and press Enter. The calculator runs successfully.

Use: one tip first. In Windows, any file with a .com suffix can be run the same way as an EXE; anyone who has played with remote control tools knows this. Now rename the calc.exe on the desktop to www.baidu.com.

Open www.baidu.com in IE and you will see that it simply runs the calculator. How this can be used needs no explanation. The file can also be renamed to a management address; take a look at the IE address bar on the server.

The file's attribute is set to hidden; see My Computer -- Tools -- Folder Options -- View -- Show hidden files and folders.

Currently this works across IE6 and IE7. It does not work in IE8, Firefox or the Google browser, but servers generally do not have those installed.
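
A defender-side check for the condition described above, as an added example that is not part of the original article: it lists files in a desktop folder whose names look like a host name ending in .com, and reports whether each one starts with the MZ executable header and carries the hidden attribute. The regular expression, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: a name shaped like a host name ending in ".com", e.g. "www.baidu.com".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+com$", re.IGNORECASE)


def is_mz(path):
    """True if the file starts with the DOS/PE 'MZ' magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def is_hidden(path):
    """Windows hidden attribute; False on systems that do not expose the flag."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def scan_desktop(desktop):
    """Report desktop files whose name could be typed as a web address."""
    findings = []
    for entry in os.scandir(desktop):
        if entry.is_file(follow_symlinks=False) and HOSTLIKE.match(entry.name):
            findings.append({"name": entry.name, "hidden": is_hidden(entry.path),
                             "pe_content": is_mz(entry.path)})
    return sorted(findings, key=lambda f: f["name"])


def demo():
    """Run the scan over a constructed folder (sample files, not real data)."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"www.baidu.com": b"MZ\x90\x00", "notes.txt": b"hello",
                   "calc.exe": b"MZ\x90\x00", "example.com": b"plain text"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_desktop(d)


if __name__ == "__main__":
    print(demo())
```

Point `scan_desktop` at each user's desktop folder and at the shared desktop folder; a finding with `pe_content` set is an executable sitting behind an address-like name.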