A recently discovered flaw in Netscape Communications Web-browser software could let malicious hackers retrieve and view any directory or locally stored file on a victim's computer.
But corporations using basic security measures, such as filtering software and properly configured firewalls, should have at least some measure of protection against the flaw, security analysts said.
The problem results when a certain function of Sun Microsystems' Java core is combined with a vulnerability in Netscape's implementation of Java. The flaw allows applets to access local files, said David Endler, an analyst at iDefense Intelligence Services, an Internet security services firm.
An attacker could exploit the hole by creating a malicious Web site that invisibly loads a Java applet on a visiting user's computer, according to an alert from iDefense.
Open applet The applet starts a Web server on the user's system that allows anyone to connect to it and view locally stored files and directories, the advisory added.
Endler said: "In theory, you can make public entire directories of a victim's computer. It's sort of like a poor man's Napster."
An exploit taking advantage of the flaw was posted August 4 by Daniel Brumleve, a programmer in Silicon Valley who discovered the flaw.
In examples posted on his Web site, Brumleve demonstrated how the vulnerability - nicknamed Brown Orifice - could be exploited to allow others to view and retrieve files without any warning.
It’s a steal In worst-case scenarios, attackers could use this method to steal passwords, user names and the entire contents of files, said Chris Rouland, director of the X-Force team of security analysts at Internet Security Systems.
The Brown Orifice exploit - the code for which can be downloaded from Brumleve's Web site - was a "proof-of-concept" code designed to show how Netscape's Java engine violates Java's "sandbox" rules, which prevent applets from touching the host system's operating system, Rouland said.
But users will first need to voluntarily visit malicious Web sites or click on emailed links to a malicious site to be exposed to the vulnerability, said Andrew Weinstein, a spokesman for America Online, which owns Netscape.
Weinstein said Netscape is working on a patch that will fix the hole.