Microsoft Internet Explorer Scriptlet Rendering Vulnerability

By design, the Scriptlet Component of Microsoft Internet Explorer (the ActiveX control that invokes scriplets) is only supposed to render HTML files. However, it will render any file type.

Due to this design error, a malicious website operator may gain read access to known files on a remote system by injecting valid HTML code into a file that would be run at the privilege level of the Local Computer Zone. This file may contain a script that could forward the contents of known files to the website operator. The files that can be read are limited to what can be open in a browser window (eg. txt, .htm or .js files, not .exe files).

Update (December 1, 2000): A new variant of this vulnerability was discovered. Microsoft has released a new patch to address all known variants of this vulnerability.


Privacy Statement
Copyright 2010, SecurityFocus