Bugtraq mailing list archives
Re: More reading of local files in MSIE
From: Dave Ahmad <da () securityfocus com>
Date: Fri, 4 Jan 2002 17:47:52 -0700 (MST)
Jelmer,

Exploitation is not limited to disclosing the contents of files on client systems. If your exploit page is modified so that a website is opened rather than a local file, the calling script can access the properties of the website. The problem here is that IE6/5.5 does not properly enforce the same origin policy.

I believe that this is just another way to exploit the same basic (but extremely serious) problem that was reported by The Pull in this post:

http://www.securityfocus.com/archive/1/246522

Also see this entry in the SecurityFocus Vulnerability Database:

http://www.securityfocus.com/bid/3721

I have not yet seen a public response from Microsoft. According to The Pull, they were notified (it also went over the list).

Dave Ahmad
SecurityFocus
www.securityfocus.com

On Fri, 4 Jan 2002, jelmer wrote:
More reading of local files in MSIE

Description

There is a security vulnerability in IE 5.5 and 6 (probably other versions as well) which allows reading and sending of local files. The problem lies in the fact that you are able to access a local file's dom by calling the execScript function on a newly created window.

The sample exploit provided can only read browser readable files; however, it is highly likely that reading binary files is possible as well (by attaching an event to the dom that calls the httpxmlcomponent, which itself at the point of writing is still vulnerable as well).

In order for this exploit to work the file name must be known.

Risk

High

Systems affected:

The vulnerability has been successfully exploited on

IE 6 / Windows XP with all patches installed
IE 5.5 / Windows ME
Current thread:
- More reading of local files in MSIE jelmer (Jan 04)
- Re: More reading of local files in MSIE Dave Ahmad (Jan 04)
- Re: More reading of local files in MSIE the Pull (Jan 05)