"Internet Explorer Bug
Internet Explorer 3.0 and 3.01 for 95 and NT
Microsoft Internet Explorer v3.01 has a serious bug which allows web page writers to use ".LNK" and ".URL" files to run programs on a remote computer. This bug is particularly damaging because it uses NO ActiveX, and works even when Internet Explorer is set to its highest security level. It was tested on Microsoft Internet Explorer Version 3.0 (4.70.1155) running Windows 95. Microsoft says that users running Internet Explorer 3.0 and 3.01 for Windows 95 and Windows NT are affected. It does not affect users of Internet Explorer 3.0 / 3.0a for Windows 3.1 or Internet Explorer for Macintosh 2.1 / 3.0 / 3.0a.
The demos on this page assume that Windows is installed in "C:\WINDOWS". WINDOWS 95 DOES NOT PROMPT YOU BEFORE EXECUTING THESE FILES.
.URLs work in both Windows 95 and Windows NT 4.0 -- .LNK"s only work in Windows 95 -- .URL files present a possibly greater danger because they can be easily created by server side scripts to meet the specific settings of a user"s system. We will provide .URL files for execution in the next day or so on this page.
The following table outlines
which areas and users are affected by each shortcut type: