Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.
Flooding Internet Explorer 6
|
|||||||
|
Thread Tools |
|
#1
05-18-2003
|
||||
|
||||
|
Flooding Internet Explorer 6
Vulnerability
I've noticed that on my test environment it is possible to bypass Internet Explorer Zones protection by flooding it with large number of file:// requests in example to infected fileserver. The result of this bypass is EXECUTION OF ANY REQUESTED FILE. My requested file was 'trojan.exe' placed on neighbour WIN2K Professional workstation. To see code used during the test check files in attached archive. On IE 6.0 the result was always the same, after more than 200 dialog boxes with 'trojan.exe' request, suddenly requested file got executed. For the purpose of this test I've used 2 Win2K & WinXP workstations with Internet Explorer 6.0.2800.1106 (I believe that's most recent version of IE) & on both workstations opening the 'dmz1.html' file trough LAN share resulted in executing 'trojan.exe' application. My Internet Security Zone was set to "MEDIUM". Would you like to know more? |
| Thread Tools | |
|
| Similar Topics | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Issues with Internet Explorer & Service Pack 2 | tuckerkg | Windows OS | 31 | 03-15-2005 09:43 AM |
| Cumulative Patch for Internet Explorer | TS | Thomas | Old Frontpage News & Comments | 0 | 10-04-2003 06:50 AM |
| Cumulative Patch for Internet Explorer | TS | Thomas | Old Frontpage News & Comments | 0 | 06-04-2003 06:59 PM |
| Cumulative Patch for Internet Explorer | TS | Thomas | Old Frontpage News & Comments | 0 | 04-23-2003 04:10 PM |
| Cumulative Patch for Internet Explorer | TS | Thomas | Old Frontpage News & Comments | 0 | 02-06-2003 04:43 PM |
All times are GMT -4. The time now is 01:02 PM.
