Internet Explorer 8 Flaw Makes local Files Public



The end of Internet Explorer is finally here. A series of events (the Google hacking, removal of support for Google apps, several other vulnerabilities) is forcing users to move to alternatives.

Recently, at the Black Hat DC conference, a security consultant (Jorge Luis Alvarez Medina) demoed how it’s possible to exploit a flaw in the Internet Explorer browser that turns your personal computer into a public file server. In other words, an attacker can remotely read files on the victim’s local drive.

There are a few ways to initiate the attack, which is somewhat complex because you have to “string a lot of the features together to build an attack tool,” Medina said. One method involves enticing the victim to click a link to a malicious Web site.

The flaw is said to work across all versions of Internet Explorer, and just can’t be fixed in a single shot. Medina said it doesn’t appear that the IE flaw is subject to patching because it encompasses design features related to how IE and Windows Explorer handle zone elevation, HTML code and MIME types.

In response, Microsoft issued a security advisory:

Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

A workaround, according to Medina, would include setting “IE Network Protocol Lockdown,” adjusting the security level setting for the Internet and Intranet Zones to “high,” and disabling Active Scripting for the Internet and Intranet Zones with a custom setting.

Perhaps, the best that can be done is to use a different browser.

One weakness in IE is that it “doesn’t behave consistently when accessing the same resources,” he pointed out. This exploit leverages it by “chaining the exploitation of a series of weak features.”

His dialogue with Microsoft’s security team about the exploit so far has indicated that Microsoft thinks this is not something it can fix because the flaw is so much a part of the fundamental design of the browser.

Wake up, “User”: are you still on IE?
Re: Internet Explorer 8 Flaw Makes local Files Public
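
The workaround Medina lists (Network Protocol Lockdown, "high" security level and Active Scripting disabled for the Internet and Intranet Zones) can be checked on a machine from a `reg export` of its settings. The audit below is an added example, not part of the original post or of Microsoft's advisory; the registry paths, the `1400` and `CurrentLevel` values and the sample export are this example's assumptions and constructed data.

```python
import re

# Registry locations below are this example's assumptions, not taken from the post.
ZONES = r"hkey_current_user\software\microsoft\windows\currentversion\internet settings\zones"
LOCKDOWN = (r"hkey_local_machine\software\microsoft\internet explorer"
            r"\main\featurecontrol\feature_protocol_lockdown")
ZONE_NAMES = {"1": "Intranet", "3": "Internet"}
HIGH = 0x12000           # CurrentLevel value for the "High" template
SCRIPTING_DISABLED = 3   # action 1400 (Active Scripting): 0 enable, 1 prompt, 3 disable

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: int}} (dwords only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return one finding per workaround setting that is missing or weaker than described."""
    keys, findings = parse_reg(text), []
    for zone, name in ZONE_NAMES.items():
        values = keys.get(ZONES + "\\" + zone, {})
        if values.get("currentlevel") != HIGH:
            findings.append(f"{name} zone: security level is not High")
        if values.get("1400") != SCRIPTING_DISABLED:
            findings.append(f"{name} zone: Active Scripting is not disabled")
    if keys.get(LOCKDOWN, {}).get("iexplore.exe") != 1:
        findings.append("Network Protocol Lockdown is not enabled for iexplore.exe")
    return findings

# Constructed sample export: Internet zone hardened, Intranet zone at a lower level,
# no FEATURE_PROTOCOL_LOCKDOWN key present.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel"=dword:00010500
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00012000
"1400"=dword:00000003
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The check reads only the per-user zone keys; zone settings enforced through Group Policy are stored under the Policies hive and would need the same comparison there.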

No big surprise again, IE8 blows, like IE7 and like IE6.

The only thing that's amazing is how many flaws and bugs have been reported since IE6, it's complete nonsense that even one person keeps using this browser. I'd bet that Bill Gates himself doesn't even use IE.

Wanna have a good laugh? Visit Paranormalis with Internet Explorer 6. It's so bad it's good lol.

Check out this blog, there are some pretty awesome rants about IE:

Re: Internet Explorer 8 Flaw Makes local Files Public

I haven't used IE on purpose in quite a while. There's still the odd time here or there where links in programs open it by default even though it's not set as my default. I've been using Google Chrome since my last hd format and I really like it. All I do with my browsers really is surf and Chrome works great for that. Pages do load faster in Chrome than any other browser I've used and that is the most important thing to me.

Re: Internet Explorer 8 Flaw Makes local Files Public

I'm using Google Chrome on Ubuntu and it's amazing how fast pages load. There's no delay, I'm not even used to browsing the internet without waiting for pages to load.
Re: Internet Explorer 8 Flaw Makes local Files Public

I plan to rebuild my personal PC cuz I'm using an Intel Atom based PC and it's very weak, but for now it's all I could afford. Until next March I have to make do with Mozilla Firefox.