VULHUB ™

Microsoft Internet Explorer contains a weakness that may allow remote attackers to disclose directory contents on the local system. This issue may be combined with other vulnerabilities to disclose sensitive information or reference previously placed malicious files on the system. It is reported that this issue may be triggered by employing the 'SRC' attribute of an IFRAME combined with the 'ftp://' protocol handler. It should be noted that an attacker must be able to reference properties of the IFRAME remotely to carry out this attack. This may be accomplished by exploiting a zone bypass type of vulnerability. Another attack scenario could involve an attacker placing a malicious file on a vulnerable system and then using this technique to determine the location of the file.

Microsoft Internet Explorer contains a weakness that may allow remote attackers to disclose directory contents on the local system. This issue may be combined with other vulnerabilities to disclose sensitive information or reference previously placed malicious files on the system. It is reported that this issue may be triggered by employing the 'SRC' attribute of an IFRAME combined with the 'ftp://' protocol handler. It should be noted that an attacker must be able to reference properties of the IFRAME remotely to carry out this attack. This may be accomplished by exploiting a zone bypass type of vulnerability. Another attack scenario could involve an attacker placing a malicious file on a vulnerable system and then using this technique to determine the location of the file.