Microsoft IE JavaScript script src Local File Enumeration
2002-01-03T00:00:00
ID OSVDB:3034 Type osvdb Reporter Tom Micklovitch() Modified 2002-01-03T00:00:00
Description
Vulnerability Description
Microsoft Internet Explorer allows a remote attacker to verify the existance of a file on a vulnerable machine. This information disclosure is due to the way JavaScript returns error messages when it attempts to access a file. Using the "OnError" even handler, calls to a local file will result in an error message that verifies it's existance.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
Microsoft Internet Explorer allows a remote attacker to verify the existance of a file on a vulnerable machine. This information disclosure is due to the way JavaScript returns error messages when it attempts to access a file. Using the "OnError" even handler, calls to a local file will result in an error message that verifies it's existance.
References:
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.html
Mail List Post: http://lists.darklab.org/pipermail/darklab/2007-February/000275.html
ISS X-Force ID: 7784
Bugtraq ID: 3779
{"edition": 1, "title": "Microsoft IE JavaScript script src Local File Enumeration", "bulletinFamily": "software", "published": "2002-01-03T00:00:00", "lastseen": "2017-04-28T13:19:57", "modified": "2002-01-03T00:00:00", "reporter": "Tom Micklovitch()", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:3034", "description": "## Vulnerability Description\nMicrosoft Internet Explorer allows a remote attacker to verify the existance of a file on a vulnerable machine. This information disclosure is due to the way JavaScript returns error messages when it attempts to access a file. Using the \"OnError\" even handler, calls to a local file will result in an error message that verifies it's existance.\n\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMicrosoft Internet Explorer allows a remote attacker to verify the existance of a file on a vulnerable machine. This information disclosure is due to the way JavaScript returns error messages when it attempts to access a file. Using the \"OnError\" even handler, calls to a local file will result in an error message that verifies it's existance.\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0019.html\nMail List Post: http://lists.darklab.org/pipermail/darklab/2007-February/000275.html\nISS X-Force ID: 7784\nBugtraq ID: 3779\n", "affectedSoftware": [{"name": "Internet Explorer", "version": "6.0", "operator": "eq"}, {"name": "Internet Explorer", "version": "5.0", "operator": "eq"}, {"name": "Internet Explorer", "version": "5.0.1", "operator": "eq"}, {"name": "Internet Explorer", "version": "5.5", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2017-04-28T13:19:57", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:19:57", "rev": 2}, "vulnersScore": -0.2}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:3034", "immutableFields": []}
