Ravens PHP Scripts

IE vulnerability offers your files to hackers
Date: Thursday, January 28, 2010 @ 16:02:33 CET
Topic: Security

Jorge Luis Alvarez Medina, a security consultant working for Core Security, has discovered a string of vulnerabilities in Internet Explorer that make it possible for an attacker to gain access to your C drive - complete with files, authentication and HTTP cookies, session management data, etc.

Exploitation of the vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full path name for the file that will be used to cache it locally on the victim's system," says the advisory Core Security published. "If the entire path name can be predicted, the attacker can cause a redirection to the locally stored file using an URI specified in UNC form and force the local content to be rendered as an HTML document, which will permit to run scripting commands and instantiate certain ActiveX controls."


This article comes from Ravens PHP Scripts

The URL for this story is: