Vulnerability: Back button in IE6

A bug report submitted to Bugtraq claims a vulnerability lies in Internet Explorer 6 when run on Windows 2000 pro, and XP.

It says IE allows URLs containing the Javascript protocol in the History list.

"Code injected in the url will operate in the same zone/domain as the lastURL viewed. The Javascript URL can be set to trigger when a user pressesthe backbutton.

"The normal behaviour when a page fails to load is to press the backbutton.

The error page shown by IE is operating in the local computer zone (res://C:\WINNT\System32\shdoclc.dll/dnserror.htm# on Win2000). Thus, we can execute code and read local files."

Microsoft has not made any comment on the issue.

Join the newsletter!

Or
Error: Please check your email address.

More about Microsoft

Show Comments