Security hole in W2k + IE5.5, IE6.0

[marat]

Try this link or this If you have fast connection

p.s Found by Georgi Guninski

Edit:
p.p.s. It shows, that anybody can get files from your harddrive.

 

[NorthenLove]

I don't see anything there ? What's up with that ?

 

[marat]

If you are running win2k/ie5.5 or ie6.0 it will display your c:\winnt\system32\$winnt$ file.

 

[bot2600]

but HE can't see it, it can only be displayed locally.

 

[bacillus]

but MS have already issued a patch for this!

 

[Saltin]

Yep, this was patched a while back. If you go to this site and it is able to do its thing, you have no one to blame now but yourself.

 

[marat]

<< Yep, this was patched a while back. If you go to this site and it is able to do its thing, you have no one to blame now but yourself. >>



Nope. This is a new one. I am know a patch you are talking about and i am telling you this is a different one. Try it first.

 

[marat]

<< but HE can't see it, it can only be displayed locally. >>



BS. It is the same thing as saying that your forum post will not be displayed, because you type them locally. Nothing stops anybody from making simple form. In fact one can run submit() command and transfer file without you even knowing that!

As for bug being patched, install all recent updates and try it.

There is one way to fix it now - completely disable ActiveX. Oh, there is another one - uninstall windows!