[26707] in bugtraq


Enabling Java logging in MSIE is dangerous

daemon@ATHENA.MIT.EDU (Jelmer)
Sat Aug 17 15:04:48 2002

Message-ID: <002401c2461c$3072e560$0300000a@pluto>
From: "Jelmer" <jelmer@kuperus.xs4all.nl>
To: <bugtraq@securityfocus.com>
Date: Sat, 17 Aug 2002 20:30:40 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

There is a feature in the Microsoft virtual machine shipped with
Internet Explorer called Java logging (Tools > Internet Options > Advanced).
What this basically does is write Java System.out.println(),
System.err.println, etc. output to a known location on the user's
hard disk, namely

%WINDIR%\java\javalog.txt

Those who have been following HTTP-EQUIV's discovery will realise that
this is extremely dangerous, as it will allow execution of arbitrary
code. However, since this feature is disabled by default, it can be
considered to be very low risk.

--
  jelmer


