Title
Internet Explorer turns your personal computer into a public File Server
Authors
Jorge Luis Alvarez Medina
In
Black Hat DC 2010
Date published
2010-02-03
Keywords
Privilege escalation, Internet Explorer, Client-side attacks

Abstract

This document describes several design features of Internet Explorer that entail low security risk if considered individually but can lead to interesting attack vectors when combined together. Several attack scenarios that rely only on combinations of these low risk Internet Explorer features are explained and proof of concept code was developed that demonstrate they are feasible.

Attachments

turn_IE_into_a_File_Server.tar.gz - Files used for the BlackHat DC 2010 demo