[LINK] Internet Explorer allows reading of local files by remote webpages
Anthony Healy
thealy@magna.com.au
Tue, 27 Nov 2001 10:24:46 +1100
I have sent a message to the bug traq poster explaining that the problem is
five years old and has been fixed, and asking him to update his earlier
post.
Andy Farkas wrote:
> I recall somebody wondering about how a webserver could run code or read
> files on a client machine. A new bug has been discovered that allows you
> to do just that. Scary. More info would be at www.securityfocus.com.
>
> ---------- Forwarded message ----------
> Date: Sun, 25 Nov 2001 11:52:04 +0100
> From: Markus Kern <markus-kern@gmx.net>
> To: bugtraq@securityfocus.com
> Subject: Internet Explorer allows reading of local files by
> remote webpages
>
> Summary
> -------
> There is a vulnerability in MS Internet Explorer that allows
> any webpage or HTML email to read arbitrary local files.
> This bug may also lead to remote command execution.