Microsoft Internet Explorer 6 – Double Slash Cache Zone Bypass

Microsoft Internet Explorer 6 – Double Slash Cache Zone Bypass

漏洞ID 1054213 漏洞类型
发布时间 2003-10-05 更新时间 2003-10-05
图片[1]-Microsoft Internet Explorer 6 – Double Slash Cache Zone Bypass-安全小百科CVE编号 N/A
图片[2]-Microsoft Internet Explorer 6 – Double Slash Cache Zone Bypass-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23340
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8980/info

A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when referencing cached content from within a web page, for example:

[SysDrive]:\Documents and Settings[user_name]Local SettingsTemporary Internet FilesContent.IE5

The extra slash prior to "Documents and Settings" will cause the referenced content to be handled in the context of the My Computer zone. Combined with other vulnerabilities, this issue could lead to execution of arbitrary code on the client system. A proof-of-concept has been released to demonstrate this issue may be exploited with other issues to cause execution of arbitrary code in the context of the client user. It should be noted that the proof-of-concept may only function correctly if the Internet Explorer cache is in the default location.

** A new proof-of-concept has been made available which uses the vulnerability described in BID 9106 to locate the Internet Explorer cache. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23340-1.zip

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23340-2.zip

相关推荐: Asus AAM6330BI/AAM6000EV ADSL Router – Information Disclosure

Asus AAM6330BI/AAM6000EV ADSL Router – Information Disclosure 漏洞ID 1054032 漏洞类型 发布时间 2003-07-14 更新时间 2003-07-14 CVE编号 N/A CNNVD-ID…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享