Microsoft Internet Explorer OnKeyDown information disclosure
| ie-onkeydown-information-disclosure (36848) |  Low Risk |
Description:
Microsoft Internet Explorer could allow a remote attacker to obtain sensitive information, caused by the improper focus handling of the onkeydown event. By modifying the focus from a "textarea" field to a "file upload" field using JavaScript, a remote attacker could exploit this vulnerability to bypass file upload field dialogs and possibly read arbitrary files on the system, if the attacker could persuade a victim to visit a specially-crafted Web page.
Platforms Affected:
- Microsoft, Internet Explorer 6
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Obtain Information
References:
- 0x000000 Web site, THW260907 Internet Explorer File Focus Stealing at http://www.0x000000.com/index.php?i=437.
- Microsoft Internet Explorer Web site, Internet Explorer: Home Page at http://www.microsoft.com/windows/products/winfamily/ie/default.mspx.
- BID-25836: Microsoft Internet Explorer File Upload Vulnerability
- CVE-2007-5158: The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
- SA27007: Internet Explorer "OnKeyDown" Event Focus Weakness
Reported:
Sep 26, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net