You could pull ntuser.dat and read a fair amount of juiciness about where to find some specific file.
From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Thursday, February 04, 2010 1:44 PM To: NT System Admin Issues Subject: RE: IE info-disclosure bug disclosed at Black Hat That's a well known folder, not a well known file. Exposure of folder contents does not appear to be included in this flaw. Again, name a well known data file (a specific file that exists for nearly every Windows installation of that Windows version) that could lead to critical harm if disclosed to an attacker. From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, February 04, 2010 2:34 PM To: NT System Admin Issues Subject: Re: IE info-disclosure bug disclosed at Black Hat c:\documents and settings\<user>\My Documents c:\users\<user>\Documents Many companies, especially small companies store their data here. Our users for the most part store data here for staging purposes when they are out in the field performing an audit. Eventually it gets cleaned out when incorporated into our engagement management software. On Thu, Feb 4, 2010 at 1:42 PM, Carl Houseman <c.house...@gmail.com> wrote: Secunia doesn't seem to think it's that critical, certainly not in the same league as system-takeover problems. Name any well known data file on my computer that would cause me "super critical" harm if disclosed. Don't bother with the local SAM, they can have it, since there's no remote access via a local account. Carl -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 04, 2010 12:29 PM To: NT System Admin Issues Subject: Re: IE info-disclosure bug disclosed at Black Hat Super critical, because paths to many well-known data files are always the same. On Thu, Feb 4, 2010 at 09:10, Carl Houseman <c.house...@gmail.com> wrote: > It's not IE6, it's any version of IE that's not in "protected mode" (so, any > version of IE on XP, and or an elevated or UAC-disabled IE under Vista/7). > > Seems not that super-critical since exploit must know a complete path to a > specific file that's going to be revealed. > > Carl > > -----Original Message----- > From: Angus Scott-Fleming [mailto:angu...@geoapps.com] > Sent: Thursday, February 04, 2010 11:57 AM > To: NT System Admin Issues > Subject: IE info-disclosure bug disclosed at Black Hat > > MSRC bulletin released, MS Security Advisory released, ZDNet Zero-Day has a > story. > > An information-leakage problem in Internet Explorer has been disclosed > at > this week's Black Hat conference. It seems that if you use Internet > Explorer to surf the Internet, the Bad Guys can now read ANY FILE on > your > hard drive. Details and info on a Microsoft-issued "FixIt" solution are > > in the latest blog entry at http://geoapps.blogspot.com/ -- so if you > use > IE, especially IE6, please go read up on this and get patching. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~