Is there any way to exploit this with files that are not recognized as text. Example, I tried modifying your code to c:\autoexec.bat and c:\winnt\win.ini. Instead of displaying the contents of my autoexec.bat file, I instead recieved an Open/Save As dialog. Open tries to execute the bat file or edit the ini file in the temp folder where it was downloaded, and save as does the obvious. This problem exists on both versions of IE5 that I have access to, 5.00.0708.700 [ships with Windows 2000 Beta 2 build 5.00.1877], and 5.00.2014.0216 [a public release]. Hopefully this can't be exploited against anything but text files as it's not terribly likely that you have any sensitive information sitting around in text files whose names are likely to be guessed. ----] quote [---- >1) IE allows reading local files and sending them to an arbitrary >server. >The filename must be known. > >The bug may be exploited using HTML mail message. > ----] end quote [----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:50 PDT