IE vulnerability offers your files to hackers

Posted on Thursday, January 28, 2010 @ 16:02:33 CET in Security
by Raven

Southern writes:  
Jorge Luis Alvarez Medina, a security consultant working for Core Security, has discovered a string of vulnerabilities in Internet Explorer that make it possible for an attacker to gain access to your C drive - complete with files, authentication and HTTP cookies, session management data, etc.

Exploitation of the vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full path name for the file that will be used to cache it locally on the victim's system," says the advisory Core Security published. "If the entire path name can be predicted, the attacker can cause a redirection to the locally stored file using an URI specified in UNC form and force the local content to be rendered as an HTML document, which will permit to run scripting commands and instantiate certain ActiveX controls."

net-security.org
 
 
click Related        click Share
 
 
Associated Topics

Internet


Microsoft
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 373,164,186
  • Today: 76,537
Server InfoServer Info
  • Dec 12, 2018
  • 04:29 pm CET