J-Security Center

Title: Microsoft Internet Explorer File Contents Disclosure Vulnerability

Severity: HIGH

Description:

MSIE contains a vulnerability which may allow malicious website operators to obtain data (non-cookie) from the filesystem of a remote client.

If a known local file on the client filesystem is referenced as script source, some of its contents can be read if they are formatted in a certain way. The contents have to be formatted as though script variables are being assigned values, i.e.:

variablename=variablevalue

If a file containing data formatted in this manner exists on the client filesystem at a known location, it may be possible for malicious webmasters to obtain some of its content.

The vulnerability lies in the fact that MSIE will read these name/value pairs as variables and their values in the script interpreter. The values can then be referenced simply by using the associated variables in the script code, the names of which must also be known by the attacker.
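
To gauge which local file contents are at risk, the following added example (not part of the original advisory) evaluates constructed file text as script and reports which names end up defined. Assumptions: Node's `vm` module stands in for the browser script interpreter (IE 5.x used JScript, whose parsing may differ), and the sample text and the function name `exposedAssignments` are illustrative.

```javascript
const vm = require('vm');

// Constructed sample: a local file holding name=value lines.
const SAMPLE_FILE = [
  'timeout=30',
  'proxy="10.0.0.5:8080"',
  'owner=alice',           // bare word: evaluated as an undefined identifier
  'token="not-reached"',
].join('\n');

// Evaluate file text as script in an empty global scope and return the
// names that became defined, i.e. what the interpreter would hold as
// readable variables. vm is not a security boundary: audit only files
// you own.
function exposedAssignments(fileText) {
  const globals = vm.createContext({});
  let stoppedBy = null;
  try {
    vm.runInContext(fileText, globals, { timeout: 100 });
  } catch (err) {
    // SyntaxError: the text never ran, nothing is defined.
    // ReferenceError and other runtime errors: lines before the bad one ran.
    stoppedBy = err.name;
  }
  const exposed = {};
  for (const name of Object.keys(globals)) {
    exposed[name] = globals[name];
  }
  return { exposed, stoppedBy };
}

console.log(exposedAssignments(SAMPLE_FILE));
console.log(exposedAssignments('a=1\npath=C:\\temp'));
```

In this model, numeric and quoted values are the ones that survive as variables, evaluation stops at the first line that is not valid script, and a file containing any syntax error yields nothing at all, which matches the advisory's statement that only some contents are readable.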

Because of the knowledge required to exploit this vulnerability and the fact that the file must be formatted correctly, real-world exploitation is unlikely (but not out of the question). The primary concern is that MSIE is providing data from files outside of the allowed areas to remote hosts.

Depending on the contents of the known file, this vulnerability could reveal sensitive data and assist in further attacks against the target.

Affected Products:

  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.5 SP1
  • Microsoft Windows 98SE
  • Microsoft Windows ME
