An IE browser vulnerability security testing and analysis-vulnerability warning-the black bar safety net

Today saw on the Internet A IE little vulnerability. Do the following simple analysis The use method is as follows Program code: img src="sysimage://C:\WINNT\Notepad.exe,7 7 7" onError="document. write’bFile Exists!& lt;/b’;" Just start very strange this sysimage://is a Protocol,so in IE into:...

Microsoft Internet Explorer 6 - Sysimage Protocol Handler Local File Detection

source: https://www.securityfocus.com/bid/11834/info Microsoft Internet Explorer is reported prone to a vulnerability that may allow a remote site to detect files on the local computer. A remote attacker can exploit this issue through the ''sysimage://' protocol handler to detect the existence of...