-1

I have a web app that must be run from a CDROM.

I need to exec an exe file and I have a problem with doing it. In IE if I call href="file://path/exefile" from an anchor. I can exec it (after a pair of security requests) while in Firefox the user must save the exe file, then run it and an error comes.

Is there a way to run the exe from the browser(I don't know, say using Flash or other stuff)?

I don't use the http:// protocol but the file:// protocol because it is run from a CDROM.

iknow
  • 8,358
  • 12
  • 41
  • 68
Cris
  • 12,124
  • 27
  • 92
  • 159
  • @TomalakGeret'kal : I think you haven't used any software magazine compact discs. There are lots of computer magazine who creates autorun cd roms for distribution of softwares. In india we have Digit / Chip –  Dec 18 '11 at 16:34
  • 2
    @AmitRanjan - And most of them are **not** web applications, but custom executables. – Oded Dec 18 '11 at 16:35
  • 1
    @AmitRanjan: What does that have to do with the World Wide Web? – Lightness Races in Orbit Dec 18 '11 at 16:35
  • @Tomalak, u think to be useful with these answers? – Cris Dec 18 '11 at 16:37
  • @Cris: If it helps Amit to realise where he's misunderstanding then, yes. If it prevents him from teaching you the wrong answer then you should even be grateful. But, if you prefer, I won't make the mistake of spending my Sunday afternoon on you for free again. – Lightness Races in Orbit Dec 18 '11 at 16:38
  • If you have heard about the Obout Suite. They redistribute their app in same manner –  Dec 18 '11 at 16:39
  • 1
    @Amit: A cursory glance at their website indicates an `.exe` installer, not a web page. The magazines you buy may ship a CD with an autorun executable that launches a webpage, but they absolutely do not do it the other way around. – Lightness Races in Orbit Dec 18 '11 at 16:41

2 Answers2

3

Thank {$deity} there isn't, otherwise any web page you viewed could execute random code on your machine outside of the browser sandbox.

This is not possible because of the severe security implication of allowing a webpage to run any executable.

Oded
  • 489,969
  • 99
  • 883
  • 1,009
  • Indeed. It sounds like a "web" app was a very poor choice for this project. (It also sounds like it was not properly planned..!) – Lightness Races in Orbit Dec 18 '11 at 16:31
  • It is possible to do that by [registering a custom URL protocol](https://stackoverflow.com/questions/80650/how-do-i-register-a-custom-url-protocol-in-windows) to open the `.exe`. – Anderson Green May 21 '22 at 03:46
  • @AndersonGreen - sure, but that requires first registering the protocol on the users OS. This is very different from launching any random executable you want. – Oded May 23 '22 at 07:42
1

Internet Code Download linking (AS PER MSDN)

In this complicated alternative, the Web page bypasses the ordinary File Download process by utilizing Internet Code Download. Internet Code Download is the Internet Explorer feature that allows Web pages to automatically download ActiveX controls and other native code objects. Files obtained through Internet Code Download pass through the ActiveX security framework, which is controllable by security options. 1.If the "executable file" is not a signable PE (.exe) such as a .bat file, then the file must be packaged in a .cab file with an INF in the following form. **

[version]
   signature="$CHICAGO$"
   AdvancedINF=2.0
[Add.Code]
   file.zzz=file.zzz
[file.zzz]
   clsid={15589FA1-C456-11CE-BF01-00AA0055595A}
   FileVersion=1,0,0,0
   hook=zzzinstaller
[zzzinstaller]
   run=%EXTRACT_DIR%\file.zzz

** Replace the instance of File.zzz above with the executable file to be run.

For more information about how to package the .cab file, visit the following Microsoft Developer Network (MSDN) Web site: http://msdn.microsoft.com/en-us/library/aa741200(VS.85).aspx (http://msdn.microsoft.com/en-us/library/aa741200(VS.85).aspx) 2.Ensure that the .exe (or .cab) is code-signed. If the .exe has not been signed, this can be done using the CryptoAPI Authenticode Code Signing tools. Refer to the CryptoAPI documentation in the MSDN Platform SDK under the "Security" heading for more information.

For security reasons, the process of signing code for an organization is best handled by a central authority that is trusted by the entire organization. Code signing requires either the purchase of costly certificates from external vendors such as VeriSign or the maintenance of a certificate server such as Microsoft Certificate Server on the intranet. 3.Use this example page as a guideline for the link and script necessary to launch the signed code without prompt:

<HTML><HEAD><TITLE>Page of executable links</TITLE></HEAD>
<BODY>
<BR/>

<!-- hyperlink uses central script function called linkit() -->
<A HREF="" onclick="return linkit('signed-testfile.exe');">
SIGNED-CLOCK.EXE</A>

<SCRIPT>
// linkit puts filename into HTML content and spews it into iframe
function linkit(filename)
{
   strpagestart = "<HTML><HEAD></HEAD><BODY><OBJECT CLASSID=" +
      "'CLSID:15589FA1-C456-11CE-BF01-00AA0055595A' CODEBASE='";
   strpageend = "'></OBJECT></BODY></HTML>";
   runnerwin.document.open();
   runnerwin.document.write(strpagestart + filename + strpageend);
   window.status = "Done.";
   return false;  // stop hyperlink and stay on this page
}
</SCRIPT>

<!-- hidden iframe used for inserting html content -->
<IFRAME ID=runnerwin WIDTH=0 HEIGHT=0 SRC="about:blank"></IFRAME><BR/>

</BODY></HTML>

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.