header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
7.5
CVSS
HIGH
Cached Content Rendering Vulnerability
79
CWE
Product Name: Internet Explorer
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:microsoft:internet_explorer
Metasploit:
Other Scripts:
Platforms Tested: Windows

Cached Internet Content Rendering in My Computer Zone

A vulnerability in Internet Explorer allows cached Internet content to be rendered in the My Computer zone. By including an extra slash when referencing cached content from within a web page, an attacker can exploit this issue. This can lead to the execution of arbitrary code on the client system.

Mitigation:

To mitigate this vulnerability, users should ensure their Internet Explorer cache is not located in the default location. Additionally, keeping the browser and operating system up-to-date with the latest security patches can help prevent exploitation.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8980/info

A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when referencing cached content from within a web page, for example:

[SysDrive]:\\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5

The extra slash prior to "Documents and Settings" will cause the referenced content to be handled in the context of the My Computer zone. Combined with other vulnerabilities, this issue could lead to execution of arbitrary code on the client system. A proof-of-concept has been released to demonstrate this issue may be exploited with other issues to cause execution of arbitrary code in the context of the client user. It should be noted that the proof-of-concept may only function correctly if the Internet Explorer cache is in the default location.

** A new proof-of-concept has been made available which uses the vulnerability described in BID 9106 to locate the Internet Explorer cache. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21199.zip

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23340-2.zip