Flooding Internet Explorer 6

By TS | Thomas
May 18, 2003
  1. Vulnerability
    I've noticed that in my test environment it is possible to bypass Internet Explorer Zones protection by flooding it with a large number of file:// requests, for example to an infected fileserver. The result of this bypass is EXECUTION OF ANY REQUESTED FILE. My requested file was 'trojan.exe' placed on a neighbouring WIN2K Professional workstation. To see the code used during the test, check the files in the attached archive.

    On IE 6.0 the result was always the same: after more than 200 dialog boxes with the 'trojan.exe' request, the requested file suddenly got executed. For the purpose of this test I've used 2 Win2K & WinXP workstations with Internet Explorer 6.0.2800.1106 (I believe that's the most recent version of IE) & on both workstations opening the 'dmz1.html' file through a LAN share resulted in executing the 'trojan.exe' application. My Internet Security Zone was set to "MEDIUM".

    Would you like to know more?