IE vulnerability offers your files to hackers

Posted on Thursday, January 28, 2010 @ 16:02:33 PST in Security
by Raven

Southern writes:  
Jorge Luis Alvarez Medina, a security consultant working for Core Security, has discovered a string of vulnerabilities in Internet Explorer that make it possible for an attacker to gain access to your C drive - complete with files, authentication and HTTP cookies, session management data, etc.

Exploitation of the vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full path name for the file that will be used to cache it locally on the victim's system," says the advisory Core Security published. "If the entire path name can be predicted, the attacker can cause a redirection to the locally stored file using an URI specified in UNC form and force the local content to be rendered as an HTML document, which will permit to run scripting commands and instantiate certain ActiveX controls."
click Related        click Share
Associated Topics


News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,052,656
  • Today: 4,350
Server InfoServer Info
  • Jan 16, 2018
  • 01:34 am PST

Daily Inspiration