Microsoft Internet Explorer contains a vulnerability in which a script from one source is permitted to access files on the client's file system. An attacker may be able to read cookies and other files on a target system, and spoof Internet sites by creating believable window titles.
In JScript, the open method is used to access a document or to open a browser window, and the close method is typically used to close the document or window. The open method takes an argument that specifies either the MIME type (text/html only) of the document or a URL to render in a new browser window.
By convincing a user to view a malicious web page or HTML email message, a remote attacker can read cookies and certain types of files on the target host and spoof Internet sites.
This vulnerability was discovered by "the Pull"
This document was written by Ian A. Finlay and Art Manion.
|Date First Published:||2001-12-21|
|Date Last Updated:||2003-05-14 00:00 UTC|