Internet Explorer 5.5 and Outlook Expose File System to Remote Users


Reported October 18, 2000 by Georgi Guninski

VERSIONS AFFECTED
  • Microsoft Internet Explorer 5.5
  • Microsoft Outlook Express
  • Microsoft Outlook 

DESCRIPTION

Georgi Guninski has discovered yet another security issue with Internet Explorer 5.5, Outlook, and Outlook Express.  The vulnerability could allow a malicious attacker to read local files, arbitrary URLs, and the local directory structure.

The problem lies in specifying an arbitrary codebase for an applet loaded from the tag and a jar file.  Applets may read URLs from their codebase and communicate with hosts from the codebase.

DEMONSTRATION

The following code was made available by Georgi Guninski in his advisory, available at:  http://www.guninski.com/javacodebase1.html

---------javacodebase1.html----------------




-------------------------------------------

--------gjavacodebase.java----------------
......
try
{
    u = new URL(getParameter("URL"));
    InputStream is=u.openStream();
    byte ba[]=new byte[1000];
    int l=is.read(ba);
    InputStream os=u.openConnection().getInputStream();
    String s1=new String(ba,0,l);
    print(u.toString());
    print(s1);
}
.......

---------------------------------------------------------------------

 

VENDOR RESPONSE

Microsoft has been notified of this vulnerability but no patch has been issued.  Until a patch is available it is recommended to disable Java.
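
A defender-side check for the condition described under DESCRIPTION, as an added example that is not part of Guninski's advisory or any vendor tool: it scans HTML for applet-loading elements whose codebase attribute points at the local file system or at an origin other than the document's own. The tag set, the function and class names, and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: elements that can load an applet and accept a codebase attribute.
APPLET_TAGS = {"applet", "object", "embed"}

# Constructed sample input (not taken from the advisory).
SAMPLE = """<html><body>
<applet code="Clock.class" codebase="/applets/" width="100" height="50"></applet>
<object codebase="file:///C:/" data="viewer.jar"></object>
<applet code="Viewer.class" archive="viewer.jar" codebase="http://other.example/"></applet>
</body></html>"""

def _origin(url):
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

class CodebaseAuditor(HTMLParser):
    """Collects applet-loading tags whose codebase leaves the document's origin."""
    def __init__(self, document_url):
        super().__init__()
        self.document_url = document_url
        self.findings = []  # (line, tag, raw codebase value, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in APPLET_TAGS:
            return
        codebase = dict(attrs).get("codebase")
        if not codebase:
            return
        # Resolve relative values the way a browser would, against the page URL.
        resolved = urljoin(self.document_url, codebase.strip())
        scheme = urlsplit(resolved).scheme.lower()
        if scheme == "file" or len(scheme) == 1:  # one letter: a drive such as C:\
            reason = "codebase points at the local file system"
        elif _origin(resolved) != _origin(self.document_url):
            reason = "codebase origin differs from the document origin"
        else:
            return
        self.findings.append((self.getpos()[0], tag, codebase, reason))

def audit(html_text, document_url):
    auditor = CodebaseAuditor(document_url)
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "http://www.example/page.html"):
        print(finding)
```

For HTML mail, which has no document URL of its own, passing a placeholder such as `about:blank` makes every explicit codebase show up as a finding.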

CREDIT
Discovered by
Georgi Guninski
