Potential Internet Explorer Security Risk

Type securityvulns
Reporter Securityvulns
Modified 2001-08-16T00:00:00


Potential Security Risk with Internet Explorer

This was tested on version 5.00.2614.3500 with Windows 98 SE 4.10.2222A.

I was playing with Favorites and added a favorite with the name 'www.dsakfjhasdfj.com' and set it to point to the address 'c:\command.com' (don't include the '' characters).

I then typed 'www.dsakfjhasdfj.com' in the address bar and it loaded up the MS-DOS command prompt window. You can write a JavaScript to add a Favorite or edit the start page in Internet Explorer. A window usually pops up asking if you want to add it as a Favorite or start page, but if the security settings are low, it would automatically do it without asking. You could make the favorite point to files on the local system and have them executed. I have not gone into depth testing this, but if the user had deltree or other similar programs, serious damage could occur.

If you have the JavaScript on a website auto-add a favorite named, say, 'www.dsakfjhasdfj.com', and then make a link on the website that the user is required to click to enter the main page, it would look up 'www.dsakfjhasdfj.com', find that it was not a valid website, and then run the address that was in the favorite named 'www.dsakfjhasdfj.com' (if the user were to enter the page). Also try redirecting the user automatically to the address.

I haven't tried making the default page load up command.com, but it may work as well.

-- Kyle L. [binary@marmoset.net]
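The defensive check a practitioner would want after reading the report above is an audit of the Favorites folder for shortcuts whose target is a local file rather than a web site, and in particular for the pattern the report describes: a favorite whose display name looks like a host name (so typing that name in the address bar resolves to the favorite) but whose target is a drive path such as c:\command.com. The script below is an added example written for this page; it is not the reporter's code. It assumes favorites are stored as *.url files in the Windows Internet Shortcut INI format (a URL= line under an [InternetShortcut] section), which is how Internet Explorer 5 on Windows 98 stores them; the four sample favorites in SAMPLE_FAVORITES are constructed for the demo.

```python
"""Audit an Internet Explorer Favorites folder for shortcuts that point at
local files instead of web sites (added example; assumes the *.url
[InternetShortcut] INI format used by Windows)."""
import os
import re
import tempfile

WEB_SCHEMES = {"http", "https", "ftp"}

# A favorite whose display name looks like a host name is the abuse pattern
# from the advisory: typing that "name" in the address bar hits the favorite.
HOSTNAME_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[a-zA-Z]:[\\/]")       # c:\command.com
SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.-]*):")


def parse_url_file(text):
    """Return the key/value pairs of the [InternetShortcut] section only."""
    section = None
    values = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def classify_target(target):
    """Label a favorite's target: web, drive, unc, file, other or empty."""
    if not target:
        return "empty"
    if target.startswith("\\\\"):           # \\server\share\...
        return "unc"
    if DRIVE_PATH.match(target):
        return "drive"
    m = SCHEME.match(target)
    if m:
        scheme = m.group(1).lower()
        if scheme in WEB_SCHEMES:
            return "web"
        if scheme == "file":
            return "file"
        return "other"                      # about:, res:, javascript:, ...
    return "web"                            # bare "www.host.com" is a web target


def audit_favorites(folder):
    """Walk a Favorites folder and report every shortcut whose target is not
    a web site; hostname_like_name marks the address-bar trick."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for fname in sorted(files):
            if not fname.lower().endswith(".url"):
                continue
            path = os.path.join(root, fname)
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                text = data.decode("utf-8")
            except UnicodeDecodeError:       # old .url files are ANSI
                text = data.decode("cp1252", errors="replace")
            target = parse_url_file(text).get("url", "")
            kind = classify_target(target)
            if kind == "web":
                continue
            name = fname[:-4]
            findings.append({
                "name": name,
                "path": path,
                "target": target,
                "kind": kind,
                "hostname_like_name": bool(HOSTNAME_LIKE.match(name)),
            })
    return findings


# Constructed sample favorites for the demo; not taken from a real machine.
SAMPLE_FAVORITES = {
    "www.dsakfjhasdfj.com.url": "[InternetShortcut]\r\nURL=c:\\command.com\r\n",
    "Microsoft.url": "[InternetShortcut]\r\nURL=http://www.microsoft.com/\r\n",
    "Tools.url": "[DEFAULT]\r\nBASEURL=x\r\n[InternetShortcut]\r\nURL=\\\\server\\tools\\deltree.bat\r\n",
    "Readme.url": "[InternetShortcut]\r\nURL=file:///C:/docs/readme.txt\r\n",
}


def demo():
    """Write the sample favorites to a temp folder and audit them."""
    with tempfile.TemporaryDirectory() as folder:
        for fname, body in SAMPLE_FAVORITES.items():
            with open(os.path.join(folder, fname), "w", newline="") as fh:
                fh.write(body)
        return audit_favorites(folder)


if __name__ == "__main__":
    for f in demo():
        flag = " (name looks like a host name)" if f["hostname_like_name"] else ""
        print(f"{f['kind']:5} {f['name']!r} -> {f['target']}{flag}")
```

Run it against a real profile by calling audit_favorites with the user's Favorites directory instead of demo(); the Microsoft favorite is skipped as an ordinary web target, while the drive-path favorite named like a host is the one case that reproduces the report.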