SecurityTeam US Contribute  :  Advanced Search  :  Web Resources  :  Polls  :  File Repository  
 
advanced search  
Poll
What would you like to see on SecurityTeamUS?
More News
Product Reviews
HowTo's
Custom RPM/Packages/Tools
Other (Please leave comment)
Results
96 votes | 0 comments
Topics
Home
Apache
Apple
Application Software
Cisco Systems
Database Servers
Internet Explorer
Linux
Macromedia
Microsoft
Mozilla/Firefox
Phishing/ID Theft
Real Networks
Security News
Sun Microsystems
Web Appliances/Devices
Web Scripts
Wi-Fi
Virus Alerts
Events
There are no upcoming events
 Welcome to SecurityTeam US
 Monday, February 06 2012 @ 11:58 AM EST

Microsoft Internet Explorer "sysimage:" Local File Detection Weakness

    
Wednesday, December 08 2004 @ 10:46 AM EST

Internet ExplorerGregory R. Panakkal has discovered a weakness in Internet Explorer, which can be exploited by malicious people to detect the presence of local files.

The "sysimage:" URI handler is used for referencing embedded icons in executable files. The problem is that a website in the "Internet" zone can reference the URI handler in an image tag. This can be exploited to determine the presence of local programs using the "onerror" and "onload" events.

The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1.

SOFTWARE:
Microsoft Internet Explorer 6

SOLUTION:
The weakness does not affect systems running Windows XP with SP2 installed.

Disable Active Scripting Support.

PROVIDED AND/OR DISCOVERED BY:
Gregory R. Panakkal

 
What's Related

Story Options

Microsoft Internet Explorer "sysimage:" Local File Detection Weakness | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
 Copyright © 2012 SecurityTeam US
 All trademarks and copyrights on this page are owned by their respective owners.		   Get Firefox!
Dedicated Servers
Created this page in 0.15 seconds