TUCoPS :: Browsers :: expl4926.htm

Internet Explorer local file exposure
18th Dec 2001 [SBWID-4926]

	Internet Explorer local file exposure


	 IE 6/ Win98

	 IE 6 /Windows XP 



	jelmer found following :

	There is a bug in the Microsoft.XMLHTTP component shipped with  Internet
	Explorer 6 which allows reading and sending local files. This  component
	doesn\'t handle http redirects to local  files  properly  In  order  for
	this exploit to work the file name must be known. The  exploit  doesn\'t
	distinguish between extensions, binary or textual  content  witch  makes
	it a high risk exploit in my book

	A demonstration is available at http://www.xs4all.nl/~jkuperus/bug.htm





	Disable active scripting

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH