A recently discovered flaw in Netscape Communications' Internet browser software could let malicious hackers retrieve and view any directory or locally stored file on a victim's computer.
But corporations using basic security measures such as filtering software and properly configured firewalls should have at least some measure of protection against the flaw, security analysts said.
The problem results when a certain function of Sun Microsystems' Java core is combined with a vulnerability in Netscape's implementation of Java that allows applets to access local files, said David Endler, an analyst at iDefense Intelligence Services, an Internet security services firm in Fairfax, Vancouver.
An attacker could exploit the hole by creating a malicious Web site that invisibly loads a Java applet on a visiting user's computer, according to an alert from iDefense.
The applet starts a Web server on the user's system that allows anyone to connect to it and view locally stored files and directories, the advisory added.
"In theory, you can make public entire directories of a victim's computer," Endler said. "It's sort of like a poor man's Napster."
An exploit taking advantage of the flaw was posted Aug. 4 by Daniel Brumleve, a programmer in Silicon Valley who discovered the flaw.
In examples posted on his Web site, Brumleve demonstrated how the vulnerability - nicknamed Brown Orifice - could be exploited to allow others to view and retrieve files without any warning.
In worst-case scenarios, attackers could use this method to steal passwords, user names and the entire contents of files, said Chris Rouland, director of the X-Force team of security analysts at Internet Security Systems Inc. in Atlanta.
The Brown Orifice exploit - the code for which can be downloaded from Brumleve's Web site (www.brumleve.com/BrownOrifice/) - was "proof-of-concept" code designed to show how "Netscape's Java engine violates Java's 'sandbox' rules," which prevent applets from touching the host system's operating system, Rouland said.
But users will first need to voluntarily visit malicious Web sites or click on e-mailed links to a malicious site to be exposed to the vulnerability, said Andrew Weinstein, a spokesman for America Online, which owns Netscape.
Weinstein said Netscape is working on a patch that will fix the hole.