(ver "solution" :-)
Microsoft Internet Explorer "sysimage:" Local File Detection Weakness
http://secunia.com/advisories/13396/
Secunia Advisory: SA13396 Print Advisory
Release Date: 2004-12-08
Critical:Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix
Software: Microsoft Internet Explorer 6
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
Description:
Gregory R. Panakkal has discovered a weakness in Internet Explorer,
which can be exploited by malicious people to detect the presence of
local files.
The "sysimage:" URI handler is used for referencing embedded icons in
executable files. The problem is that a website in the "Internet" zone
can reference the URI handler in an image tag. This can be exploited
to determine the presence of local programs using the "onerror" and
"onload" events.
The weakness has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.
Solution:
The weakness does not affect systems running Windows XP with SP2
installed.
Disable Active Scripting Support.
Provided and/or discovered by:
Gregory R. Panakkal
Leer las respuestas