---
layout: post
status: publish
published: true
title: IE7 Remote File Access

wordpress_id: 255
wordpress_url: http://pro.grammatic.org/post-ie7-remote-file-access-46.aspx
date: !binary |-
  MjAwOC0wMy0wNSAwODo0MTo1NyArMDEwMA==
date_gmt: !binary |-
  MjAwOC0wMy0wNSAwODo0MTo1NyArMDEwMA==
categories:
- Technology
- InfoSec
tags:
- information security
- IE7
comments: []
---
<p>Just a quick post to draw attention to Ronald's excellent article at <a href="http://www.0x000000.com/?i=525">http://www.0x000000.com/?i=525</a> where he has pulled off a very interesting remote file access in IE7. The attack works by including an invalid DTD on an XML file which then streams the content of the requested file in its error message.</p>
<p>Use IE7? Be afraid.</p>