Internet Explorer remote disclosure vulnerability
5th Nov 2001 [SBWID-4843]
COMMAND

	iexplorer remote disclosure vulnerability

SYSTEMS AFFECTED

	all versions ?

PROBLEM

	dzzie posted :

	a remote server can poll a surfer's computer and determine some
	applications they have installed by trying to load an image with the
	file:// protocol.

	if the file is found on disk the javascript onload event fires..if not
	the onerror event fires..

	http://geocities.com/dzzie/sys_snoop1.html

	you can also check out the remote system by setting an iframe
	src=file:// to common paths to txt or xml files..if they are found they
	will raise the onload event (oddly enough .html extension won't raise
	event)

	http://geocities.com/dzzie/sys_snoop2.html

SOLUTION

	Nothing yet.
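
	A detection aid, added here as an example and not part of the original
	advisory or dzzie's pages: a JavaScript (Node.js) scanner that flags
	img/iframe markup whose src uses file://, the pattern described under
	PROBLEM. The function names, sample HTML and paths are constructed.

```javascript
// Added example: flag markup that references file:// from <img>/<iframe>, the
// pattern the advisory describes. Input is HTML source as a string.
const PROBE_TAGS = new Set(["img", "iframe"]);

// Parse one start tag's attribute text into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = Object.create(null);
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of text.matchAll(re)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? ""; // first wins, as in browsers
  }
  return attrs;
}

// URL schemes are case-insensitive; browsers drop tab/CR/LF and leading spaces.
function isFileUrl(value) {
  return /^file:/i.test(value.replace(/[\t\r\n]/g, "").trimStart());
}

function findLocalFileProbes(html) {
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  for (const m of html.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    if (!PROBE_TAGS.has(tag)) continue;
    const attrs = parseAttrs(m[2]);
    if (!isFileUrl(attrs.src ?? "")) continue;
    // onload/onerror handlers are what turn a local reference into an existence oracle.
    const handlers = ["onload", "onerror"].filter((h) => h in attrs);
    findings.push({ tag, src: attrs.src.trim(), handlers,
                    kind: handlers.length ? "existence-probe" : "local-reference" });
  }
  // src assigned from script (new Image(), iframe.src = ...) never shows up as an attribute.
  for (const m of html.matchAll(/\.src\s*=\s*(["'])\s*(file:[^"']*)\1/gi)) {
    findings.push({ tag: "script", src: m[2], handlers: [], kind: "script-assignment" });
  }
  return findings;
}

// Constructed sample page; the paths are placeholders, not taken from the advisory.
const SAMPLE_HTML = `
<img src="https://example.com/banner.gif" onload="ok()">
<IMG SRC='file:///C:/Program Files/ExampleApp/logo.gif' onLoad="found(1)" onError="missing(1)">
<iframe src=file:///C:/ExampleApp/readme.txt onload="found(2)"></iframe>
<img src="file:///C:/ExampleApp/icon.gif">
<script>var i = new Image(); i.onload = hit; i.src = "file:///C:/ExampleApp/app.gif";</script>
`;
for (const f of findLocalFileProbes(SAMPLE_HTML)) console.log(f.kind, f.tag, f.src);
```

	The scanner reads static source only: it does not decode HTML character
	references and cannot see a src value that script assembles at run time.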