Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Browsers :: expl4926.htm

Internet Explorer local file exposure



18th Dec 2001 [SBWID-4926]
COMMAND

	Internet Explorer local file exposure

SYSTEMS AFFECTED

	 IE 6/ Win98

	 IE 6 /Windows XP 

	

PROBLEM

	jelmer found following :
	

	There is a bug in the Microsoft.XMLHTTP component shipped with  Internet
	Explorer 6 which allows reading and sending local files. This  component
	doesn\'t handle http redirects to local  files  properly  In  order  for
	this exploit to work the file name must be known. The  exploit  doesn\'t
	distinguish between extensions, binary or textual  content  witch  makes
	it a high risk exploit in my book
	

	A demonstration is available at http://www.xs4all.nl/~jkuperus/bug.htm

SOLUTION

	 Workaround

	 ==========

	

	Disable active scripting


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH