Bugtraq mailing list archives
Re: IE can read local files
From: shrdlu () PACBELL NET (Lynda L. True)
Date: Sat, 5 Sep 1998 11:13:36 -0700
Mike Dion wrote:
Netscape Navigator Version 3.01 is vulnerable too... I didn't test any other netscape versions...
Netscape Navigator/Communicator 4.0.4 seems not to be, and it causes the javascript error "JavaScript Error: illegal URL method 'file:' "
At 04:33 98-09-05 -0400, Georgi Guninski wrote:There is a bug in Internet Explorer 3, 4.0, 4.01 (for version informationsee Microsoft's info below),which allows a specially designed web page to read text or HTML files fromthe user's computerand send their contents to an arbitrary host, even if the user is behindfirewall. The bug uses Javascript andthe file name and location must be known.
Demonstration of this is available at:http://www.geocities.com/ResearchTriangle/1711/good-read.htmlWorkaround: Disable Javascript. Microsoft has released a patch at:http://www.microsoft.com/security/bulletins/ms98-013.htmGeorgi Guninski http://www.geocities.com/ResearchTriangle/1711
-- 17C1 6CBC 214C EF1E E28D 42FD 2B1E A12A FEF2 25AB (DiffieHellman) Adapt or perish --------- Frank Baxter, Jeffries & Co. shrdlu () pacbell net, shrdlu () rocketmail com, shrdlu () willow sdd trw com
Current thread:
- IE can read local files Georgi Guninski (Sep 05)
- <Possible follow-ups>
- Re: IE can read local files Mike Dion (Sep 05)
- Re: IE can read local files Lynda L. True (Sep 05)
- Re: IE can read local files Steve Moyzis (Sep 05)
- Re: IE can read local files Thomas Davis (Sep 08)