[14035] in bugtraq
Re: Wordpad vulnerability, exploitable also in IE for Win9x
daemon@ATHENA.MIT.EDU (Curtis Anderson, CNE, MCSE)
Fri Feb 25 20:05:07 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000001bf7f98$3b3440e0$196ba3c6@mb.ism.ca>
Date: Fri, 25 Feb 2000 07:57:17 -0600
Reply-To: canderso@ism.ca
From: "Curtis Anderson, CNE, MCSE" <canderso@ISM.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <014d01bf7e35$19e92720$0b01a8c0@romracer>
----- Original Message -----
Although I feel he makes it fairly evident I thought I'd make a note for
all. This does not work in Windows 2000 using the IE trick. It doesn't
prompt to open Wordpad but rather just uses notepad. I feel this has
something to do with the fact that the filesize limit inherent in Notepad
for win9x isn't there in Windows 2000. Although I could be wrong on this I
just know it doesn't affect Windows 2000 users.
Scott Wade
Systems Administrator
----- Original Message -----
Scott's dead on here - it's Win9x's notepad that sees the file is >64KB and
prompts to launch WordPad. The NT/Win2K versions of Notepad don't have the
filesize limitation (so will simply open the file).
-------------------------------------------------
Curtis Anderson, CNE, MCSE
ISM Manitoba - an IBM Global Services team member
400 Ellice Avenue, Winnipeg, MB R3B 3M3
canderso@ism.ca andersoc@ca.ibm.com
-------------------------------------------------
