Reported this week to the Full Disclosure security mailing list and Bugtraq by researcher Michal Zalewski, the vulnerability in Internet Explorer resembles a similar flaw disclosed by Charles McAuley in June 2006.
“Unfortunately, there are some problems that allow user's keyboard input in unrelated locations to be selectively, transparently redirected to these input fields, and hence affect file selection to an attacker's liking,” he wrote. “Even though some browsers try to prevent file field hiding, it can be be easily stowed off screen at negative window coordinates.”
Microsoft acknowledged the vulnerability on Thursday, explaining that it is investigating the matter.
“Microsoft’s initial investigation reveals that an attacker could gain access to user files if the location of a given file is already known. In order to be successful, an attacker in advance would have to convince the user to enter the location of a file into an attacker's webpage through social engineering,”a company spokesperson said.
“Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers.”
Researchers find similar unpatched flaw in IE and Firefox
By Ericka Chickowski on Feb 16, 2007 11:32PM