Adding SMB to Windows, how safe is this?

Question

I came across a small hack, which claims it enables smb:// on windows.
The complaint was that things like <a href="\\computername\path\file.ext">text</a> weren't working.
While true that you can use file:///// in your url's, the user wanted to use smb:// so that it's cross-platform.

The hack goes as follows:
1) Create this Reg file, save and execute it:

REGEDIT4

[HKEY_CLASSES_ROOT\smb]
@="URL:smb Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\smb\shell]

[HKEY_CLASSES_ROOT\smb\shell\open]

[HKEY_CLASSES_ROOT\smb\shell\open\command]
@="\"C:\\smb.bat\" \"%1\""

And then create the smb.bat file in your C-folder, containing this:

@echo off
cd C:\
set url=%~dpnx1
explorer \%url:~7%
exit

My question: how safe is this, and any other thoughts on the matter? Besides the file:///// thing I mean.

Answer 1

To me, it looks damn dangerous because it allows any website to place "\\RESOURCENAME" URLs, which will work regardless of context, and smb.bat will be called if you click such a link. I don't entirely understand the batch syntax (the ~ part especially) but it seems to me it's possible to pass any kind of argument to explorer.exe.

There's probably no immediate danger because it's very unlikely an outside attacker would guess you have this set up. Still, safe it's not.

Answer 2

I'd much rather have the server detect windows clients output \servername\path scheme for those and smb:// for everything else.

Answer 3

Not to mention, SMB isn't the only protocol that uses that syntax, so does any other filesystem such as WebDAV. Somewhat clever idea though, and I wish that smb:// worked too.