Windows shortcut 'trick' is a feature: Microsoft

by admin July 5, 2006 at 10:01 am

Microsoft has denied that a ‘trick’, which could allow an executable file to be launched when a user types a Web address into Internet Explorer, is a security vulnerability.

Using Windows XP and Internet Explorer, it is easy to create a scenario where a user types a Web address, such as www.microsoft.com, into their browser and, instead of launching the Web site, the browser runs an executable file that is located on the user’s computer.

In a statement to ZDNet Australia on Tuesday, Peter Watson, chief security advisor at Microsoft Australia, said this is not a security vulnerability but actually a feature that could be used by legitimate applications.

“It’s important to clarify the difference between security problems and legitimate features. A security hole helps an attacker do something they shouldn’t be able to do, which is not the case in this instance.

“Software that the user legitimately has installed on the computer might need exactly this sort of feature provided by IE,” said Watson.

According to Watson, the ‘trick’ could be used to help automation.

Full story: ZDNet Australia