site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Browser Test: 1 medium risk vulnerability

Search Topic:
 Uniqs:
449		 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU
kudos:3

Browser Test: 1 medium risk vulnerability

Dear all,

I'm using Windows ME and Internet Explorer 6 SP1. The browser test »bcheck.scanit.be/bcheck/ discovered a "bug [which] allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites."

Browser Security Test ResultsDear Customer, The Browser Security Test is finished.

Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 1
Low Risk Vulnerabilities 0

Medium Risk Vulnerabilities
Microsoft Internet Explorer file:javascript: Cross Domain Scripting Vulnerability (ldy20030910-01)

Description

This bug allows a web site to read the contents of any file on your computer. The web site has to know the exact path and name of the file. A malicious website may also be able to exploit this vulnerability to delete mail from your webmail account or to spoof trusted websites...

Technical Details

It is possible to inject JavaScript code into Search bar and Media bar in Internet Explorer using "file:javascript:.." URL. The code will be executed in the domain context of the document that was loaded in the bar. A malicious web site can first open a document from any domain in Search bar and then execute JavaScript code getting access to the document. There is a technique that allows injecting JavaScript code into Local Computer zone using this vulnerability. This allows a malicious web site to get access to local files and even execute arbitrary code...

Recommendations

We recommend using Windows Update to correct this problem.

What can I do about this "medium risk vulnerability"? I am recommended to use Windows Update to correct this problem, but there are no new updates for me, so I can't get rid of this problem.

Does anybody know what to do about this risk? I do know that there are other browsers which may be more secure than IE, but this is not my question. I just would like to find out whether there is a patch or something for IE 6 SP 1, so please: no IE bashing. Thanks in advance.
to forum · permalink · 2004-08-28 11:55:44 ·


Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU
kudos:3


Internet Explorer
I think I've found the solution myself.:)
to forum · permalink · 2004-08-28 20:35:29 ·


richtig
Music Is Emotion
Premium
join:2003-02-19
Australia

reply to Buddel

So, what did you find?

Please enlighten us all.

to forum · permalink · 2004-08-28 21:37:39 ·


Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU
kudos:3

said by richtig:

So, what did you find?

Please enlighten us all.
I just had to disable Active Scripting. That's all.:D
to forum · permalink · 2004-08-28 21:39:31 ·
Forums > Broadband Tech > Security > Security

Monday, 04-Jun 14:46:12 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics