CVE-2010-0255

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...

Design/Logic Flaw

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...

Microsoft IE动态OBJECT标签信息泄露漏洞

BUGTRAQ ID: 38055 CVE ID: CVE-2010-0255 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer在加载OBJECT标签中所指定内容时如果index.dat文件直接从类似于以下的网页引用的话，则不会渲染和显示该文件的内容： /----- object data="file://127.0.0.1/C$/.../index.dat" type="text/html" width="100%" height="50" /object - -----/...

Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055)

source: https://www.securityfocus.com/bid/1978/info IE 5.5 and possibly other versions stores recently visited URLs and cache folder names in a local file called index.dat. This file is kept in the following known locations: Windows 9x: C:/WINDOWS/Temporary Internet Files/Content.IE5/ Windows 200...