Tuesday, February 20, 2007

Microsoft Internet Explorer Local File Access Vulnerability

A vulnerability has been identified in Microsoft Internet Explorer (default installation) in Windows XP Service Pack 2 which could be exploited by malicious users to obtain victims' local files. This flaw is due to an error in the way Microsoft Internet Explorer handles different HTML tags, which could be exploited by a malicious remote user to obtain sensitive local files from the victim's computer.

Credit : Rajesh Sethumadhavan

Original Advisory -
http://www.xdisclose.com/XD100099.txt

----------------------------

If you read the original advisory, you can see that this is nothing new. The page is accessing local files within IE and rendering them back to the user, which again is local. How this information could be passed back to the remote user is the hard part. As far as I can tell, this is a known issue and is in place by design.

My friend, Debasis Mohanty (aka Tr0y), just pointed out to me that this type of weakness exists in the normal Outlook URI function as well. But the attack vector is very limited because it isn't very easy to get the information back to the attacker.

Service Pack 2 changed things quite a bit in this area and therefore I would wait to see if this vuln can be verified.
