Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Internet Explorer Vulnerability

Internet Explorer Vulnerability

by phiber on August 11th, 2001 Bugtraq is crowded with messages about the latest Windows/Internet Explorer vulnerability. It is exploited by running a simple command - renaming a file.


Impact:

Try to copy some .bat file to your desktop. Rename the file to some url. (eg. www.some.url). Go to IE and type the name of the file (www.some.url). The file will get executed.

- This can be used by a malicious attacker to exploit any known IE bug and create a batch file which will format your hard drive, for example. The most important thing while exploiting this vulnerability is to name the file with some famous site + .bat. Like www.xatrix.org.bat :-)

- We have a verified test using this vulnerability by renaming an EXE file to URL on Win2k service pack 2.


Solution:

Any suggestions? Post a comment below if you know any.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »