Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix
Software: Microsoft Internet Explorer 6
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.
The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.
The vulnerability does not affect systems running Windows XP with SP2
Disable Active Scripting Support.
Provided and/or discovered by:
Benjamin Tobias Franz
Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.