Microsoft Internet Explorer URL Local Resource Access Weakness

Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Internet Explorer 6 SP1. Specifically, a malicious Web page may access a file on a vulnerable client computer by pre-pending "URL:" to a request for a specific resource.

This weakness is useful when exploiting other vulnerabilities, such as vulnerabilities that allow cross-zone access.

Exploits are known to be circulating in the wild that abuse this issue in combination with BID 10473 and one of the issues described in BID 8577.


Privacy Statement
Copyright 2010, SecurityFocus