[Info-vax] IE8 got me too :-( Sorry Jeff.
JF Mezei
jfmezei.spamnot at vaxination.ca
Sun Jan 24 01:01:33 EST 2010
http://www.coresecurity.com/content/Black-Hat-DC-2010
##
Home :: News & Events :: Events and Webcasts :: Speaking Engagements
Black Hat DC 2010
Title: Internet Explorer Turns Your Personal Computer into a Public File
Server
Speaker: Jorge Luis Alvarez Medina
Date: February 2, 2010
Location: Washington, DC
Link to event:
http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html#AlvarezMedina
Overview:
In this presentation we will show how an attacker can read every file of
your filesystem if you are using Internet Explorer. This attack
leverages different design features of Internet Explorer entailing
security risks that, while low if considered isolated, lead to
interesting attack vectors when combined altogether. We will also
disclose and demonstrate proof of concept code developed for the
scenarios proposed.
##
Think of the advantages for a corporation. They could use this
vulnerability to perform remote backups of avery IE user in the
corporation !!!
More information about the Info-vax
mailing list