A desenvolvedor of ShockWave applications can have access the
folders of e-mail of the users of the Browser Netscape. That is made
assuming the names and ways standards in the system of local archives
of the user. For example, Inbox, Outbox, Sent and Trash are names
standards that are configured in the installation of the Browser
Netscape. The way standard for these folders of e-mail in the
Windows95/NT is always the same "
C:/ProgramFiles/Netscape/Navigator/Mail/Inbox ", not to be that the
user configures a different way of the standard. The desenvolvedor of
ShockWave applications can program a called command " GETNETTEXT " it
Netscape to send a message for a server any in the Internet. The
content of the message will be the information of one of the folders
of e-mail of who received the ShockWave animation 97 [ VIT ];
Dave Yang discovered that the ShockWave version 5 with the
Browser Netscape makes possible that a desenvolvedor of ShockWave
applications has total access to the system of local archives of the
machine where ] is being executed 97 [ VIT;
The use of the ShockWave for machines of an Intranet them
leaves potentially vulnerable the attacks. Anima1c6oes ShockWave
malicious that they are executed in an Intranet can copy information
of the machine for one another machine in the Internet 97 [ VIT ].
Next