Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability
2002-01-01T00:00:00
ID EDB-ID:21195 Type exploitdb Reporter Georgi Guninski Modified 2002-01-01T00:00:00
Description
Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability. CVE-2002-0023. Remote exploit for windows platform
source: http://www.securityfocus.com/bid/3767/info
A flaw exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script.
The problem occurs when the 'GetObject()' JScript function is used with the ActiveX object 'htmlfile.' If a URL containing "../" sequences is passed as the first argument to the function, it is possible to cause Internet Explorer to grant full access to the DOM of the created HTML document object:
a=GetObject("http://"+location.host+"/../../../../../../test.txt","htmlfile");
This vulnerability could be used by a malicious web site administrator to view any known file on a target system. It may also lead to the execution of arbitrary code.
{"id": "EDB-ID:21195", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability", "description": "Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability. CVE-2002-0023. Remote exploit for windows platform", "published": "2002-01-01T00:00:00", "modified": "2002-01-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/21195/", "reporter": "Georgi Guninski", "references": [], "cvelist": ["CVE-2002-0023"], "lastseen": "2016-02-02T15:53:14", "viewCount": 3, "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2016-02-02T15:53:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0023"]}, {"type": "osvdb", "idList": ["OSVDB:3030"]}], "modified": "2016-02-02T15:53:14", "rev": 2}, "vulnersScore": 5.3}, "sourceHref": "https://www.exploit-db.com/download/21195/", "sourceData": "source: http://www.securityfocus.com/bid/3767/info\r\n\r\nA flaw exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script.\r\n\r\nThe problem occurs when the 'GetObject()' JScript function is used with the ActiveX object 'htmlfile.' If a URL containing \"../\" sequences is passed as the first argument to the function, it is possible to cause Internet Explorer to grant full access to the DOM of the created HTML document object:\r\n\r\na=GetObject(\"http://\"+location.host+\"/../../../../../../test.txt\",\"htmlfile\");\r\n\r\nThis vulnerability could be used by a malicious web site administrator to view any known file on a target system. It may also lead to the execution of arbitrary code. ", "osvdbidlist": ["3030"]}
{"cve": [{"lastseen": "2020-10-03T11:36:59", "description": "Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.", "edition": 3, "cvss3": {}, "published": "2002-03-08T05:00:00", "title": "CVE-2002-0023", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-0023"], "modified": "2018-10-12T21:30:00", "cpe": ["cpe:/a:microsoft:ie:6.0", "cpe:/a:microsoft:ie:5.5", "cpe:/a:microsoft:ie:5.01"], "id": "CVE-2002-0023", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0023", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2002-0023"], "edition": 1, "description": "## Vulnerability Description\nMicrosoft Internet Explorer contains a flaw that allows remote attackers to read arbitrary files. The flaw occurs due to poor security checks on the \"GetObject()\" JScript function when malformed requests with \"../\" are used. This function is used with the ActiveX object \"htmlfile\".\n\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (q316059_IE) to address this vulnerability.\n\n## Short Description\nMicrosoft Internet Explorer contains a flaw that allows remote attackers to read arbitrary files. The flaw occurs due to poor security checks on the \"GetObject()\" JScript function when malformed requests with \"../\" are used. This function is used with the ActiveX object \"htmlfile\".\n\n## Manual Testing Notes\na=GetObject(\"http://\"+location.host+\"/../../../../../../test.txt\",\"htmlfile\");\n## References:\nMail List Post: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0013.html\nISS X-Force ID: 7758\n[CVE-2002-0023](https://vulners.com/cve/CVE-2002-0023)\nBugtraq ID: 3767\n", "modified": "2002-01-01T00:00:00", "published": "2002-01-01T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:3030", "id": "OSVDB:3030", "title": "Microsoft IE GetObject File Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
