Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE Flaw Gives Hackers Access To User Files

Posted by timothy on from the open-file-my-documents dept.

snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

5 of 259 comments (clear)

  1. This is bad. by Buelldozer · · Score: 5, Insightful

    When you go to my website I know what the cookie name is and I know the default file system location for that cookie. This one seems pretty bad.

  2. I wonder... by Ismene · · Score: 5, Insightful

    I wonder how many people have a "passwords.txt" file in their Documents. ;-)

    1. Re:I wonder... by byrdfl3w · · Score: 5, Funny

      Whew! Thanks! I deleted all my password.txt files before some nasty hacker got to me.
      Now I gotta tell my friends about this! Hold on while I log..

      Oh crap.

  3. Windows.edb = windows search index by electrogeist · · Score: 5, Interesting

    If they grab the windows search index file then they'd have a map to everything else?

    get \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (vista)
    or \All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (xp)

    and http://www.simplecarver.com/tool.php?toolname=Windows Search Index Extractor

  4. Re:Steam by legio_noctis · · Score: 5, Interesting

    Unfortunately, the thread asking for Webkit in Steam at http://forums.steampowered.com/forums/showthread.php?t=861863 demonstrates how clueless the average gamer is about standards etc.

    Some choice quotations:

    "ie is fine"

    "I'd rather not have steam bloated with redundant tech right now."

    "Also W3C != Web Standards, and IE aren't the only ones not complying with the "standards", Firefox didn't comply with all W3C published recommendations either.(Don't know if that's still the case) [...] Microsoft is a business, and they don't want to take the blame because of a third parties inabillity to properly design websites. That is their design goal, and as the W3C isn't enforcable, as it's not considered a standard"

    "It works, it is secure and it isn't that slow"

    "IE is fine, and so was Windows 98."

    "there is nothing wrong with the day-to-day performance of Trident."