Internet Explorer 5.5 and Outlook Expose File System to Remote Users

Reported October 18, 2000 by Georgi Guninski

VERSIONS AFFECTED

Microsoft Internet Explorer 5.5
Microsoft Outlook Express
Microsoft Outlook

DESCRIPTION

Georgi Guninski has discovered yet another security issue with Internet Explorer 5.5, Outlook, and Outlook Express. The vulnerability could allow a malicious attacker to read local files, arbitrary URL's, and local directory structure.

The problem lies in specifying an arbitrary codebase for an applet loaded from the

DEMONSTRATION

The following code was made available by Georgi Guninski in his advisory availalble at; http://www.guninski.com/javacodebase1.html

---------javacodebase1.html----------------

-------------------------------------------

--------gjavacodebase.java----------------
......
try
\{
u = new URL(getParameter("URL"));
InputStream is=u.openStream();
byte ba\[\]=new byte\[1000\];
int l=is.read(ba);
InputStream os=u.openConnection().getInputStream();
String s1=new String(ba,0,l);
print(u.toString());
print(s1);
\}
.......

---------------------------------------------------------------------

VENDOR RESPONSE

Microsoft has been notified of this vulnerability but no patch has been issued. Until a patch is available it is recommended to disable Java.

CREDIT
Discovered by Georgi Guninskih

Comments

Plain text