Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Internet Explorer IFRAME ExecCommand Vulnerability
A vulnerability in Internet Explorer could allow a malicious web site operator to read files on the computer of a user who visited the site, under certain circumstances.
Issue
The Internet Explorer security model normally restricts the Document.ExecCommand() method to prevent it from taking inappropriate action on a user's computer. However, at least one of these restrictions is not present if the method is invoked on an IFRAME. This could allow a malicious web site operator to read the contents of files on visiting users' computers, if he or she knew the name of the file and the folder in which it resided. The vulnerability would not allow the malicious user to list the contents of folders, create, modify or delete files, or to usurp any administrative control over the machine.
Affected Products
- Internet Explorer 4.01 (prior SP2) & 5.0
Download
Patch: http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: November 4, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
