Microsoft Internet Explorer GetObject() JScript Function Arbitrary File Access
Vendor: Internet Explorer
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.0
Affected Version To: Microsoft Internet Explorer 5.5
Patch Exists: YES
Related CVE: CVE-2001-0206
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001
A vulnerability exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script. The problem occurs when the 'GetObject()' JScript function is used with the ActiveX object 'htmlfile'. If a URL containing "../" sequences is passed as the first argument to the function, it is possible to cause Internet Explorer to grant full access to the DOM of the created HTML document object.
Mitigation:
Microsoft has released a patch to address this issue.