Minor IE System Info Disclosure

[dzzie () yahoo com]

I just stumbled across this the other day when i was playing... a remote
server can poll a surfers computer and determin some applications they
have installed by trying a load an image with the file:// protocol.

if the file is found on disk the javascript onload event fires..if not
the onerror event fires..

http://geocities.com/dzzie/sys_snoop1.html


you can also check out the remote system by setting an iframe src=file://
to common paths to txt or xml files..if they are found they will raise
the onload event (oddly enough .html extension wont raise event)

http://geocities.com/dzzie/sys_snoop2.html