IE 4.0 Security Hole Demo
|
This page demonstrates one of the security holes in Internet Explorer 4.0 that could allow code on a web site to steal information from your hard drive. When this page loads, it (harmlessly) invades your hard drive, loading a randomly-selected .txt file from the c:\windows\ ...directory on your hard drive, and displays the contents of that file in the frame below. With a little additional programming, the contents of this (or other files on your hard drive) could be sent to other destinations, including, for instance, to my e-mail box. If you get an error message, or no file shows, it does not
indicate that you are safe from this hack. It only means that you
probably do not have any .txt files stored in the named directory.
|
To protect yourself from this attack, download IE version 4.01 from Microsoft: |