COMMAND

iexplorer remote disclosure vulnerability

SYSTEMS AFFECTED

all versions ?

PROBLEM

dzzie posted :

A remote server can poll a surfer's computer and determine some applications they have installed by trying to load an image with the file:// protocol. If the file is found on disk the javascript onload event fires; if not, the onerror event fires.

http://geocities.com/dzzie/sys_snoop1.html

You can also check out the remote system by setting an iframe src=file:// to common paths to txt or xml files. If they are found they will raise the onload event (oddly enough, the .html extension won't raise the event).

http://geocities.com/dzzie/sys_snoop2.html

SOLUTION

Nothing yet.
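
The pattern described above (an img or iframe pointed at file:// with onload/onerror handlers attached) can be flagged statically by a proxy, content filter or page review script. The following is an added example, not code from the original post; the function name findLocalFileProbes, the sample markup and the paths in it are constructed for illustration.

```javascript
// Added example: flag remote markup that points img/iframe at file:// URLs,
// especially when onload/onerror handlers are attached to observe the result.
// Limitation: the tag regex assumes attribute values contain no ">" character.
const TAG_RE = /<(img|iframe)\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
// Script that assigns a file:// URL to a .src property (e.g. new Image()).
const SCRIPT_SRC_RE = /\.src\s*=\s*(["'])\s*file:\/\/[^"']*\1/gi;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function findLocalFileProbes(html) {
  const findings = [];
  for (const m of html.matchAll(TAG_RE)) {
    const attrs = parseAttrs(m[2]);
    const src = (attrs.src || "").trim();
    if (!/^file:/i.test(src)) continue; // only local-file references matter here
    const handlers = ["onload", "onerror"].filter((h) => h in attrs);
    findings.push({
      kind: "tag",
      tag: m[1].toLowerCase(),
      src,
      handlers,
      // Handlers turn a broken local reference into an existence oracle.
      severity: handlers.length ? "high" : "medium",
    });
  }
  for (const m of html.matchAll(SCRIPT_SRC_RE)) {
    findings.push({ kind: "script", snippet: m[0], severity: "medium" });
  }
  return findings;
}

// Constructed sample page; paths are placeholders, not taken from the advisory.
const SAMPLE_PAGE = `
<img src="file:///C:/ExampleApp/logo.gif" onload="found()" onerror="missing()">
<iframe src='file:///C:/ExampleApp/readme.txt' onload="found()"></iframe>
<img src="https://example.com/banner.png" onload="track()">
<script>var i = new Image(); i.src = "file:///C:/ExampleApp/icon.gif";</script>
`;

console.log(JSON.stringify(findLocalFileProbes(SAMPLE_PAGE), null, 2));
```
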