Hi all.

Here's another reason to use Ubuntu, not Win***s.

I just found a bug in IE. :mrgreen:

1. Create a directory called 'Notepad' on the desktop. (Could be an executable called Notepad.exe, too).

2. Fire up IE, and navigate to your favorite web page (any webpage).

3. Right-click and select 'View source'. IE will open the folder (or the executable). :mrgreen:

It's soooo funny! LOL! 8)
Just imagine how somebody could explode this... wuhahahahaahah (evil laugh)

LOL

wow. Just....wow.

Thats why I love microsucks (LOL)

That's rather a weird exploit. Most IE users I know don't really look at HTML source. And someone would have to get an executable on your desktop called notepad.exe.

But I did try out your bug, and it "works."

How did you find it out?

Ubuntu has bugs too.

I just found that out because I use a program called Notepad2 (when I'm in windows some day), for HTML editing when I'm boring.

So I put that on the Desktop, and just that... I found out the bug. :mrgreen:

Ubuntu has bugs too.
Let's not forget the famous plain-text storage of the Breezy administrator password. (http://www.ubuntuforums.org/showthread.php?t=143334)

Ubuntu has bugs too.
yes.

But few are as blatant as this...or as potentially hazardous, given the fact that Windows has very poor privelege/permission controls....

Ubuntu has bugs too.

Of course it does, there's no such thing as bug free software.

yes.

But few are as blatant as this...or as potentially hazardous, given the fact that Windows has very poor privelege/permission controls....
The plain text password one was far more potentially hazardous, but it did get patched quite quickly.

I would name your thread 'a funny bug in MS Windows' instead of the current thread title.

Yes because we all now everybody puts notepad on his desktop and notepad will format your drive without giving any warning.. cause well you know it's evil like that :rolleyes:


yes.

But few are as blatant as this...or as potentially hazardous, given the fact that Windows has very poor privelege/permission controls....

Yes because we all now everybody puts notepad on his desktop and notepad will format your drive without giving any warning.. cause well you know it's evil like that :rolleyes:
It doesn't have to be notepad. It can be any executable that's renamed as notepad.exe.

Still, the likelihood that something could put a notepad.exe on your desktop without you thinking it strange and then you subsequently viewing HTML source in your browser is pretty low.

This is better than opening up Notepad on the school computers and typing "HA HA HA! I HACKED YOUR COMPUTER!"

One kid actually fell for it.

Of course it does, there's no such thing as bug free software.

You are 100% right. I find this bug funny but not a reason to stop using "Win***s" though.

this is true. but you can conceivably put a hidden file named notepad.exe in the Desktop directory.

the social engineering would be getting them to view source.

Potential exploit: hidden, fake notepad.exe files are placed in a school or college computer lab. "OK, now we are going to view the source of a webpage" says the instructor.

student views source.

fake notepad.exe executes--which is really a trojan, installing something even MORE ugly, then calling the real notepad.

This, like many exploits, isn't particularly dangerous. As posters have pointed out, it would take a fairly odd set of circumstances for anyone to activate it by accident (although I'm certain someone would). It does however, signal to me some underlying problem that a smart hacker will likely leverage.

Paul

Yeah, sure. It isn't potentially dangerous.

But still funny. :mrgreen:

I can imagine MS's answer "It's not a bug! it is a feature"

Like hold down shift + some ohter key (can't remember wich) and press shutdown and explorer.exe restart. my friend found it by mistake, e-mails MS and got that response.

One thing you can rest easy about--putting a hidden file called thunderbird.exe doesn't have the .exe get invoked with a mailto: link in Internet Explorer. I'm assuming the same would be true for Outlook, if it were the default email client on someone's computer.

I can imagine MS's answer "It's not a bug! it is a feature"

Like hold down shift + some ohter key (can't remember wich) and press shutdown and explorer.exe restart. my friend found it by mistake, e-mails MS and got that response.

Sort of like shift-backspace in Gnome?

Paul

i got it to work with a directory but not an exe

and try to name a folder "con" on the desktop

And it only gets better:

http://news.com.com/Microsoft+Shortcut+trick+is+legitimate+feature/2100-1002_3-6090840.html
http://www.theinquirer.net/default.aspx?article=32847

that is just weird ...

-- when i made a 'notepad' folder, "view source" opened that desktop folder [which is totally pointless] ...
-- when i copied mplayer2.exe to the desktop and renamed it notepad.exe, IE opened mlpayer2.exe when doing "view soure" ...

actually, it could be a "feature" if you don't like using notepad to "view source" ... maybe copy wordpad or an HTML editor to the desktop as notepad.exe ...