Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Server-side Page Reference Redirect Vulnerability
A vulnerability exists in Microsoft® Internet Explorer 4.01, 5 and 5.01, that could allow a malicious web site operator to view a file on the computer of a visiting user, provided that the web site operator knew the name and folder of the file.
Issue
When a web server performs a server-side redirect, the IE security model checks the server's permissions on the new page. However, under favorable timing conditions, it is possible for a web server to create a reference to a client window that the server is permitted to view, then use a server-side redirect to a client-local file, and bypass the security restrictions. The result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user. The web site operator would need to know (or guess) the name and location of the file.
Affected Products
- Internet Explorer 4.0, 4.01 and 4.01 SP1
Download
Patch: http://www.microsoft.com/windows/ie/security/servredir.asp
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: December 8, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
