>I discovered a javascript function (interpreted by Internet Explorer) called "file.writeline()" may be >potentially dangerous for Internet Explorer users. This function allows to write files by means of >JavaScript on a hard disk.
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0010.html It could be that you are using an old version of IE and independantly redicovered this vulnerability but I sincerely doubt it, especially since you refer to the issue as being in a javascript function, when it was infact the possibilty to create an activex objects that was the issue ( writeline is a method of the filesystem activex object) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
