1/28/2010

IE Windows vuln coughs up local files

Filed under: — Aviran Mordo

If you use any version of Internet Explorer to surf the web, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.

The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies - even empty hashes of passwords.

Powered by WordPress