Microsoft Internet Explorer 6 - Double Slash Cache Zone Bypass

Vulnerability ID 1054213 Vulnerability type
Published 2003-10-05 Updated 2003-10-05
CVE ID N/A CNNVD-ID N/A
Platform Windows CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/23340
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/8980/info

A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when referencing cached content from within a web page, for example:

[SysDrive]:\\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5

The extra slash prior to "Documents and Settings" will cause the referenced content to be handled in the context of the My Computer zone. Combined with other vulnerabilities, this issue could lead to execution of arbitrary code on the client system. A proof-of-concept has been released to demonstrate this issue may be exploited with other issues to cause execution of arbitrary code in the context of the client user. It should be noted that the proof-of-concept may only function correctly if the Internet Explorer cache is in the default location.
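For content inspection on a proxy or mail gateway, the following added example (not part of the original advisory or its proof-of-concept) flags HTML attributes that reference a local path with a doubled separator after the drive letter or that point into the Temporary Internet Files directory. The attribute list, the reason labels and the sample markup are assumptions made for illustration, and the match is a heuristic rather than a fix for the browser.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that can carry a URL or path (assumed list, not exhaustive).
URL_ATTRS = {"src", "href", "data", "codebase", "action", "background"}

# Drive letter followed by two or more separators (C:\\ or C://),
# optionally behind a file: scheme.
DOUBLE_SEP = re.compile(r"^(?:file:/*)?[a-z]:[\\/]{2,}", re.I)
# Directory name of the IE cache as given in the advisory.
CACHE_DIR = re.compile(r"temporary internet files", re.I)

class LocalRefScanner(HTMLParser):
    """Collects attributes that point at suspicious local paths."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            path = unquote(value.strip())  # undo %5C-style encoding first
            reasons = []
            if DOUBLE_SEP.match(path):
                reasons.append("double-separator-after-drive")
            if CACHE_DIR.search(path):
                reasons.append("ie-cache-path")
            if reasons:
                self.findings.append((tag, name, reasons))

def scan_html(markup):
    """Return a list of (tag, attribute, reasons) for flagged references."""
    scanner = LocalRefScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings

# Constructed sample markup; drive letter, user name and file names are placeholders.
SAMPLE = r'''
<a href="http://example.com/a//b.htm">remote, ignored</a>
<a href="C:\Program Files\app\readme.htm">single separator, ignored</a>
<a href="C:\\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\x.htm">flagged</a>
<img src="file:///C:%5C%5CDocuments%20and%20Settings/user/pic.gif">
'''

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

Remote content has no legitimate reason to reference a visitor's local cache directory, so a hit on either rule is worth reviewing even when the two do not coincide.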

** A new proof-of-concept has been made available which uses the vulnerability described in BID 9106 to locate the Internet Explorer cache. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23340-1.zip

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/23340-2.zip