Home » Hacking News » Microsoft Internet Explorer 6 can read local files

Microsoft Internet Explorer 6 can read local files

by Nikola Strahija on December 18th, 2001 There is a bug in the Microsoft.XMLHTTP component shipped with Internet Explorer 6 which allows reading and sending local files. This component doesn't handle http redirects to local files properly In order for this exploit to work the file name must be known.

The exploit doesn't distinguish between extensions, binary or textual content witch makes it a high risk exploit in my book.
Systems affected:

IE 6/ Win98
IE 6 /Windows XP

Probably other versions of windows ass well as it doesn't seem to be os related- have not tested.

On IE 5.5 the exploit doesn't work, it seems to have a bug in its implementation of the active X object used as it doesn't seem to follow redirects .

Workaround:
- Disable active scripting

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

Microsoft Internet Explorer 6 can read local files

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact