Outlook Express and Internet Explorer 5.5 Can Allow Local Files to be Read

 

Reported September 26, 2000 by Georgi Guninski

VERSIONS AFFECTED
  • Internet Explorer 5.5, Outlook Express 5.5

DESCRIPTION

A bug found in Internet Explorer and Outlook Express 5.5 makes it possible for a person to remotely read files on local and mapped (UNC) drives.

DEMONSTRATION

By exploiting the functionality of the JScript GetObject() function and the "htmlfile" ActiveX object, a remote user could read files.  Example HTML as provided by Georgi Guninski is as follows:

VENDOR RESPONSE

It is unconfirmed whether Microsoft has been made aware of this issue.  A suggested workaround is to disable Active Scripting.
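
To verify that the workaround is in place, the following added example (not part of the original advisory) reports the Active Scripting setting for each Internet Explorer security zone and flags the Internet and Restricted sites zones where scripting is not disabled. It assumes the standard zone registry layout, in which URL action 1400 holds the Active Scripting state; the function names are hypothetical.

```powershell
# Added example: audit Active Scripting (URL action 1400) per IE security zone.
# Assumption: standard zone layout under "Internet Settings\Zones\<0-4>".
$ZoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                 3 = 'Internet';    4 = 'Restricted sites' }
$StateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Per-user and per-machine settings, plus the policy locations, because a
# value in one hive can differ from the value in another.
$ZoneRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ActiveScriptingState {
    foreach ($root in $ZoneRoots) {
        foreach ($zone in 0..4) {
            $key = Join-Path $root "$zone"
            if (-not (Test-Path $key)) { continue }
            $raw = (Get-ItemProperty -Path $key -Name '1400' `
                        -ErrorAction SilentlyContinue).'1400'
            $state = if ($null -eq $raw) { 'Not set' }
                     elseif ($StateNames.ContainsKey([int]$raw)) { $StateNames[[int]$raw] }
                     else { "Unknown ($raw)" }
            [pscustomobject]@{
                Key   = $key
                Zone  = $ZoneNames[$zone]
                State = $state
                # Zones 3 and 4 render untrusted web and mail content.
                NeedsAttention = ($zone -ge 3) -and ($state -ne 'Disabled')
            }
        }
    }
}

function Disable-ActiveScripting {
    # Applies the advisory's workaround to one zone for the current user.
    param([ValidateRange(0, 4)][int]$Zone = 3)
    $key = Join-Path $ZoneRoots[0] "$Zone"
    Set-ItemProperty -Path $key -Name '1400' -Value 3 -Type DWord
}

Get-ActiveScriptingState | Format-Table Zone, State, NeedsAttention, Key -AutoSize
```

Rows with NeedsAttention set to True identify the zones where the workaround has not been applied; Disable-ActiveScripting changes only the per-user value for the zone passed to it.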

CREDIT
Discovered by
Georgi Guninski
