In-Reply-To: <20031024135303.26267.qmail@linuxmail.org>

It worked for me - IE6 on XP-SP1.
But it seems to be a Flash Player MX plugin bug rather than an IE bug, 'cause it stores cookies (Flash documents call it SharedObject) on disk, in a fixed location.

bye

>Subject: Internet Explorer and Opera local zone restriction bypass
>
>Internet Explorer and Opera local zone restriction bypass.
>=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
>
>----------------------
>Vendor Information:
>----------------------
>
>Homepage : http://www.microsoft.com
>Vendor : informed
>Mailed advisory: 23/10/03
>Vendor Response : None yet
>
>
>----------------------
>Affected Versions:
>----------------------
>
>All versions of IE 6
>Possibly 5.x too
>
>
>----------------------
>Description:
>----------------------
>
>Microsoft Internet Explorer does not allow local file access by a remote host by default.
>By creating an iframe which points to a specially crafted cgi script (using the location header
>to confuse IE), it is possible to cause IE to execute any local file through the iframe with local
>zone restrictions. This then allows remote arbitrary file execution on the victim without having
>the victim do a thing except load the page.
>Opera seems to not only be affected by this vulnerability, but it also allows direct
>local file access through iframes without any cgi scripts. Unlike IE where it is possible
>to set ActiveX objects to execute arbitrary files, in Opera it is not. There may be a way,
>but I am currently not aware of any.
>
>
>----------------------
>Exploit:
>----------------------
>
>I have created a proof of concept page, but I did not show or explain how the cgi scripts
>nor the flash file work exactly to prevent kiddie abuse.
>
>For IE: http://www.mlsecurity.com/ie/ie.htm
>
>For Opera: <iframe name="abc" src="file:///C:/"></iframe>
>
>----------------------
>Solution:
>----------------------
>
>Check Microsoft's website frequently until a new patch comes out.
>
>----------------------
>Contact:
>----------------------
>
>- Mindwarper
>- mindwarper@linuxmail.org
>- http://mlsecurity.com