Internet Explorer Turns Your PC Into A Public File Server

In the beginning of February, the Black Hat Technical Security Conference is held in the US, where Jorge Luis Alvarez Medina will be speaking on a topic that might interest you, it will certainly interest Microsoft. The topic is “Internet Explorer turns your personal computer into a public file server”.

In this presentation we will show how an attacker can read every file of your filesystem if you are using Internet Explorer. This attack leverages different design features of Internet Explorer entailing security risks that, while low if considered isolated, lead to interesting attack vectors when combined altogether. We will also disclose and demonstrate proof of concept code developed for the scenarios proposed.

Microsoft might get busy next week, patching up their browser to withstand this new series of exploits that could turn your computer into a public file server. Let’s hope they have it ready for the next scheduled Microsoft patch day, Tuesday February 9th.

Are you still using Internet Explorer? If yes, what’s keeping you from switching to Firefox or another browser? Leave a comment, below.

10 thoughts on “Internet Explorer Turns Your PC Into A Public File Server”

  1. I think most people who are still using Internet Explorer are those non-tech savvy users. Since it comes preinstalled with their computer (Windows), they are sticking with it
    .-= Michael Aulia´s last blog ..WD TV Live Review =-.

    • Many of the people still using IE6 are actually corporate or institutional users where systems originally written to work in IE6 are still in use every day and it is easier to just keep using IE6 on hundreds or thousands of desktops instead of testing every possible combination of functions in an enterprise application in modern browsers and then roll out an upgrade to a modern browser on all those underpowered ancient workstations. This is unfortunately the downside of not sticking with standards compliant design in the first instance.

  2. It’s pretty bad when governmental institutions discourage the use of explorer, like the German Federal Office for Security in Information Technology (BSI) recommends using other browsers until the vulnerability exploited in the Google China case and other technology companies intrusions. The German report indicates versions 6, 7 to 8 are all vulnerable and advises disabling scripting Acitve and running in protected mode lower vulnerability.

    Anyone doing web development needs to use Firebox to benefit from the rich variety of plug-in utilities.

  3. Pingback: Myung-Ju Kang
  4. Me personally i like FireFox browser a lot better than Internet Explorer. It looks better and with all the short cuts it a lot easier to use. The only people that still use Internet Explorer is because it came with windows and they just don’t know better.

  5. Maybe ths is why many European countries have advised people to stop using IE. I’ll be happy when IE goes away and all of our Thesis Theme modifications work beautifully in most people’s browsers.
    .-= Somone´s last blog ..6 More Examples of Unique Thesis Theme Sites =-.

  6. Pingback: Stephen Basile
  7. I pity the poor folks who cling to their Internet Explorer because they are either to lazy or scared to change to the Firefox that I recommend to everybody who cares to listen. The thing is that people really tend to cling to what they know and are comfortable with, and they are very often extremely naive regarding the security issues with their installed browser. People trust the Microsoft brand, pure and simple.

    Since I personally got introduced to Firefox five years ago I have not looked back, and being a web junkie my browser is blinged out with tons of plugins and toolbars, things that only open source can create. Chrome is a nice quick browser, and there are more and more plugins becoming available for it, but I still use Firefox for the bulk of my surfing.

  8. Much like usual you have provided some amazing facts. Been lurking on the site for a while and wished to give thanks to you for making the effort to create it.


Leave a Comment