Jump to content

Microsoft: Shortcut 'trick' is legitimate feature

Recommended Posts

What do you all think about this? I don't like it.

"A Windows shortcut "trick," which could allow an executable file to be launched when a user types a Web address into Internet Explorer, is not a security vulnerability, Microsoft said.

Using Windows XP and Internet Explorer, a user could type in a Web address--such as www.microsoft.com--into a browser, and instead of launching the Web site the browser would run an executable file located on the user's computer.

To test the so-called trick, try the following:

• Right click on the Desktop and create a new Shortcut

• Point the shortcut to an executable--such as c:\windows\system32\calc.exe

• Call the shortcut www.microsoft.com

• Start Internet Explorer and type "www.microsoft.com" into the address bar

If the shortcut is then deleted--or the characters "http://" are added before the "www" in the browser address bar--then IE will once again connect to the Internet as expected. "

ZD Net

Link to comment
Share on other sites

yea i heard about that on digg. its pretty interesting with the things you can do with that. it gets a little deeper than you described. for like office pranks, you could save abc.com's main page to a co workers computer, edit the newstitles and stuff to be humorous, then hide it on their computer with the name of www.abc.com. so whenever he/she types it in next, it would show up with your edited page


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...