
Internet Explorer File Identification Variant

Feb 9, 2004 12:43AM PST

Critical: Not critical

Impact: Exposure of system information

Where: From remote

Software: Microsoft Internet Explorer 6

Description:
Jelmer has discovered a vulnerability in Internet Explorer, allowing malicious sites to detect the presence of local files.

The problem is that a VBScript can cause Internet Explorer to report different error messages depending on whether a file specified in a form exists or not. This could be exploited to determine the presence of specific programs or data.

This is a variant of older vulnerabilities reported to affect previous versions of Internet Explorer.

The vulnerability has been confirmed in version 6.0 SP1 with all patches applied.

Solution:
Disable active scripting except for trusted sites.

Provided and/or discovered by:
Jelmer


http://www.secunia.com/advisories/10820/
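
To check whether the advisory's workaround is in place on a machine, the following added example (not part of the advisory or the original post) reports the Active scripting setting for each Internet Explorer security zone. The registry paths, the URL action number 1400 and the value meanings come from Microsoft's documented security-zone registry layout, not from the advisory; treating the Internet and Restricted sites zones as the ones that must be disabled is an assumption.

```powershell
# Added example: audit "Active scripting" (URL action 1400) per IE security zone.
# Documented values for this action: 0 = Enabled, 1 = Prompt, 3 = Disabled.
$zones     = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$meaning   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$mustBeOff = 3, 4   # assumption: the zones that hold untrusted sites

# Every location where the zone settings can be stored; policy hives are listed first.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    foreach ($root in $roots) {
        $item = Get-ItemProperty -Path "$root\$zone" -Name '1400' -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }   # value not set in this hive

        $value = [int]$item.'1400'
        [pscustomobject]@{
            Zone    = $zones[$zone]
            Hive    = $root.Substring(0, 4)
            Policy  = $root -like '*\Policies\*'
            Setting = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { "Unknown ($value)" }
            # Anything other than Disabled in an untrusted zone leaves scripting reachable.
            Finding = if (($mustBeOff -contains $zone) -and ($value -ne 3)) { 'REVIEW' } else { 'ok' }
        }
    }
}

$report | Format-Table -AutoSize
```

The script lists every hive in which the value is set rather than computing a single effective setting, because which hive wins depends on whether Group Policy manages the zones on that machine.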
