This is a well known vulnerability in the microsoft product cited below. This vulnerability was thought of having being taken care of in Microsoft Internet Exploder 4.01 version, but apparently hasn't. Amaury JACQUOT ps : This message is a look like microsoft bug-advisory in content. it is purely af fake, but the info is true... (just to poke fun at Microsoft)... Le mar, 30 mar 1999, vous avez écrit : > There is a security bug in Internet Explorer 5.0, which allows reading > and > sending local files to a remote server. > The problem is a bug in the DHTML edit control, which allows pasting a > filename in a FILE object. When the form is submitted via JavaScript, > the > contents of the file are sent to a remote server. > > Demonstration is available at: http://www.nat.bg/~joro/fr.html > > Workaround: Disable JavaScript > > I would like to thank Juan Cuartango > (http://pages.whowhere.com/computers/cuartangojc/index.html) for his IE > exploits, > which helped me a lot for discovering this vulnerability! > > Regards, > Georgi Guninski > http://www.nat.bg/~joro -- Ingénieur réseau Esitcom Membre d'APRIL Avoid software piracy, use FREE software. http://www.multimania.com/sxpert http://www.april.org
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:11 PDT