Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Internet Explorer Known Local File Script Execution Vulnerability

Microsoft Internet Explorer Known Local File Script Execution Vulnerability

by Nikola Strahija on April 3rd, 2002 By default Microsoft Internet Explorer executes scripts from websites in the Internet Zone. Due to a flaw in the way that Internet Explorer deals with cookies, it will execute any scripts embedded within a cookie in the Local Computer zone with the same privilege level as the currently logged in user.


It has been reported that this issue is based on the ability to force Internet Explorer to open arbitrary known files as HTML content. As a result, any local file which contains valid HTML or JavaScript may be rendered as such by the browser. Additional attack vectors beyond cookie files may exist.

Normally only files with the registered extensions .html or .htm will be interpreted as HTML content.

Remote: Yes

Exploit: No


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »