Full Disclosure mailing list archives
Re: Internet Explorer JavaScript insecure function
From: Jelmer <jkuperus () planet nl>
Date: Sun, 07 Dec 2003 17:26:20 +0100
I discovered a javascript function (interpreted by Internet Explorer)
called "file.writeline()" may be
potentially dangerous for Internet Explorer users. This function allows to
write files by means of
JavaScript on a hard disk.
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0010.html It could be that you are using an old version of IE and independantly redicovered this vulnerability but I sincerely doubt it, especially since you refer to the issue as being in a javascript function, when it was infact the possibilty to create an activex objects that was the issue ( writeline is a method of the filesystem activex object) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Internet Explorer JavaScript insecure function FREEBRAIN (Dec 07)
- Re: Internet Explorer JavaScript insecure function Jelmer (Dec 07)
- points of analysis sir kaber (Dec 07)
- Re: Internet Explorer JavaScript insecure function Jelmer (Dec 07)