|
 fugitive247 rated 10 months ago - From the page: "Microsoft Internet Explorer 5.5 allows a malicious Web site operator to inject executable code in the index.dat file, by including Javascript in a URL. Internet Explorer uses the index.dat file to store recently visited URLs and maintain a listing of subfolders in the Temporary ...
|
|
1 Reviews
-
-
- fugitive247 rated 10 months ago
- From the page: "Microsoft Internet Explorer 5.5 allows a malicious Web site operator to inject executable code in the index.dat file, by including Javascript in a URL. Internet Explorer uses the index.dat file to store recently visited URLs and maintain a listing of subfolders in the Temporary Internet Files folder. After code is injected into index.dat, the attacker can parse the file to execute the code, using the OBJECT TYPE="text/html" variable to bypass security restrictions in Internet Explorer. When the file is parsed, the JavaScript executes as trusted code, because index.dat is registered as local content by the Internet Explorer security mechanism.
"A malicious Web site operator could use this to execute any malicious JavaScript on a visiting user's computer, including code that would list the names of the cache folders in the Temporary Internet Folders directory. If an attacker knows the names of the cache folders, the attacker can execute other files that have been downloaded to the visiting user's computer and cached in these folders."
=================================
**sheesh**
Another fine example of why NO ONE
should ever use Internet Explorer...
|
