Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Internet Explorer "ImportExportFavorites" Vulnerability
A security vulnerability exists in ImportExportFavorites() function of Microsoft® Internet Explorer 5 that could allow a malicious web site operator to take inappropriate action on the computer of a person who visited the site.
Issue
IE 5 includes a feature that allows users to export a list of their favorite web sites to a file, or to import a file containing a list of favorite sites. The method that is used to perform this function, ImportExportFavorites(), should only allow particular types of files to be written, and only to specific locations on the drive. However, it is possible for a web site to invoke this method, bypass this restriction and write files that could be used to execute system commands. The net result is that a malicious web site operator potentially could take any action on the computer that the user would be capable of taking.
Affected Products
- Microsoft Internet Explorer 4.01 and 5
Download
Patch: http://www.microsoft.com/windows/ie/security/servredir.asp
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: September 24, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
