Jorge Luis Alvarez Medina, a security consultant working for Core Security, has discovered a string of vulnerabilities in Internet Explorer that make it possible for an attacker to gain access to your C drive – complete with files, authentication and HTTP cookies, session management data, etc.
“Exploitation of the vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full pathname for the file that will be used to cache it locally on the victim’s system,” says the advisory Core Security published. “If the entire path name can be predicted, the attacker can cause a redirection to the locally stored file using an URI specified in UNC form and force the local content to be rendered as an HTML document, which will permit to run scripting commands and instantiate certain ActiveX controls.”
Medina says that this is the second time they have reported vulnerabilities to Microsoft that are not due to a bug but are tied to integral features of the software. Simply removing these features is not possible if the program is to go on working seamlessly. These weaknesses will have to be removed by changes in the technology.
According to The Register, Microsoft is looking into the matter and says that, as far as they know, the vulnerability hasn’t been exploited in the wild. The only combination of browser and OS that is not vulnerable to the attack is IE8 under Windows 2000/2003/XP/Vista.