[15494] in bugtraq
Re: Force Feeding
daemon@ATHENA.MIT.EDU (M. Burnett)
Tue Jun 27 16:28:27 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <002a01bfdf9f$77438110$d912c5d1@xato.net>
Date: Mon, 26 Jun 2000 12:50:55 -0600
Reply-To: "M. Burnett" <mark@BURNETTS.NET>
From: "M. Burnett" <mark@BURNETTS.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
> The demo exploit won't work in W2K because the temp directory where the
> .exe is downloaded to is "c:\documents and
> settings\'username'\local settings\temp". If it is possible to get the
> username through JavaScript and another ActiveX control it could possibly
> be made to work there also.
Although I haven't tested it, I believe you can use environment variables in
the codebase location. The variable to use would be %USERPROFILE% although
you could also use %HOMEPATH%, %TEMP%, or %TMP%.
M. Burnett
