[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Internet Explorer JavaScript insecure function
- To: FREEBRAIN <freebrain@softhome.net>, full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Internet Explorer JavaScript insecure function
- From: Jelmer <jkuperus@planet.nl>
- Date: Sun, 07 Dec 2003 17:26:20 +0100
>I discovered a javascript function (interpreted by Internet Explorer)
called "file.writeline()" may be
>potentially dangerous for Internet Explorer users. This function allows to
write files by means of
>JavaScript on a hard disk.
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0010.html
It could be that you are using an old version of IE and independantly
redicovered this vulnerability but I sincerely doubt it, especially since
you refer to the issue as being in a javascript function, when it was infact
the possibilty to create an activex objects that was the issue ( writeline
is a method of the filesystem activex object)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html