Georgi Guninski has discovered yet another security issue with Internet Explorer 5.5, Outlook, and Outlook Express. The vulnerability could allow a malicious attacker to read local files, arbitrary URLs, and the local directory structure. The problem lies in specifying an arbitrary codebase for an applet loaded from the

DEMONSTRATION

The following code was made available by Georgi Guninski in his advisory, available at: http://www.guninski.com/javacodebase1.html

---------javacodebase1.html----------------
-------------------------------------------

--------gjavacodebase.java----------------
---------------------------------------------------------------------

VENDOR RESPONSE

Microsoft has been notified of this vulnerability but no patch has been issued. Until a patch is available it is recommended to disable Java.

CREDIT

Internet Explorer 5.5 and Outlook Expose File System to Remote Users
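
A defender-side check for the condition the advisory describes, as an added example (not code from Guninski's advisory or from this page): it lists `<applet>` and `<object>` tags whose `codebase` resolves outside the page's own origin, or every `codebase` when the HTML is a mail body with no origin of its own. The function names, the sample markup and the `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

APPLET_TAGS = {"applet", "object"}          # tags that accept a codebase attribute
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    try:
        port = p.port or DEFAULT_PORTS.get(scheme)
    except ValueError:                       # malformed port: never matches a real origin
        port = -1
    return (scheme, (p.hostname or "").lower(), port)

class CodebaseAudit(HTMLParser):
    """Collect applet-style tags whose codebase is not the page's own origin."""
    def __init__(self, page_url=None):
        super().__init__()
        self.page_url = page_url             # None: mail body, no origin to compare with
        self.findings = []                   # (line, tag, resolved codebase)

    def handle_starttag(self, tag, attrs):
        codebase = dict(attrs).get("codebase")
        if tag not in APPLET_TAGS or codebase is None:
            return
        codebase = codebase.strip()
        if self.page_url is None:
            resolved = codebase              # in mail, any codebase is worth reporting
        else:
            resolved = urljoin(self.page_url, codebase)
            if origin(resolved) == origin(self.page_url):
                return                       # same origin as the page: expected case
        self.findings.append((self.getpos()[0], tag, resolved))

def audit(html, page_url=None):
    parser = CodebaseAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not taken from the advisory.
SAMPLE = """<html><body>
<applet code="Clock.class" codebase="/applets/" width="10" height="10"></applet>
<APPLET CODE="Viewer.class" CODEBASE="http://other.example/classes/"></APPLET>
<object codebase="//cdn.other.example/" width="1" height="1"></object>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in audit(SAMPLE, "http://intranet.example/page.html"):
        print(f"line {line}: <{tag}> codebase outside page origin: {url}")
```
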